[JDEV] Account information storage, plaintext?
David Waite
mass at akuma.org
Tue Sep 16 17:52:03 CDT 2003
I agree, many users have actually been confused and upset that they have
not been able to register for a server by going to that server's
webpage. With jabber URIs or MIME types, it is possible for a web-based
registration system to be integrated well into clients.

In the past this has been difficult as the default user store has not
been a database, and the open-source jabber server has done very
optimistic caching. With jabberd2, it should be possible to just add
users to the database via other applications.

jabber:iq:register does not provide a machine-discoverable way to get
the user to the proper webpage - Should the standards-track register
protocol be expanded to include this?

-David Waite

Peter Saint-Andre wrote:
>On Tue, Sep 16, 2003 at 02:54:12PM -0700, Justin Karneges wrote:
>
>>Maybe the issue comes down to jabber:iq:register being incompatible with any
>>SASL mechanism that does not use plaintext passwords. If we nix iq:register,
>>does the problem go away? Maybe then the admin has to make a choice between
>>supporting anonymous registrations vs having a more-secure system.
>
>Maybe there is a good reason why user registration occurs outside
>the protocol in other systems. I think in-band registration is fine for
>registering with components, but doesn't make sense for registering your
>main IM account.
>
>Peter