[JDEV] Auto roster population/lock some groups

Moore, Michael MMoore at osc.uscg.mil
Thu Sep 11 11:16:04 CDT 2003 

Client logins are generated automatically by the page that produces the
applet, and then once they login their user/pass (temporarily created for
login) is removed from the database, and (if I recall properly... I'm still
new to the project) the server has been setup so that no new accounts can be
generated on the server by any client, so the only way to have a user/pass
be availible is for someone to manually enter it in the database (which
would be restricted to only those who need to do that) and by the code that
outputs the applet.

***************************************************
Michael Moore (mmoore at osc.uscg.mil) (304) 264-2652
Team CGCentral
United States Coast Guard Operations Systems Center
***************************************************

-----Original Message-----
From: Alon Weinstein [mailto:alon at sreu.com]
Sent: Thursday, September 11, 2003 12:08 PM
To: jdev at jabber.org
Subject: Re: [JDEV] Auto roster population/lock some groups


Hello Michael.

I can't answer your question, as I am not fluent in XMPP-ish myself, 
however there is one point you should note -- though technically you 
could get away with putting logic only in the clients to block changes 
(using XMPP's standard way to enhance the protocol; you can find info 
about it in lots of places), you shouldn't -- the server must handle 
this logic. Why? because if the server will only be a data-store for 
this kind of data people could login using some other XMPP client and 
avoid the restrictions, and that is probably a security problem, or at 
least a wrong implementation of specifications.

Alon.

Moore, Michael wrote:

> Then the client needs to block modification of those groups marked as
> auto-generated. I'm new to this whole project, I took over for someone a
few
> weeks back and I'm still trying to figure it all out.  The documentation
> I've read has confused me more than helped, and Google has not been my
> friend. Has anyone done anything like this (added stuff to the protocol)?
> Obviously the client needs to know how to handle it, but would it require
> changing the server source and rebuilding? Or just xdb_sql? Any pointers
in
> the right direction would be appreciated.
> 


_______________________________________________
jdev mailing list
jdev at jabber.org
http://mailman.jabber.org/listinfo/jdev

More information about the JDev mailing list