[JDEV] Discussion of transports?

Robert Norris rob at cataclysm.cx
Tue Sep 23 20:07:47 CDT 2003


> > 2. With most legacy networks, the transport should auto-import the legacy
> > system's contact list to the Jabber roster. JIT simply sends a presence
> > type=subscribed but this is problematic as with unpatched Jabber servers
> > the nick can't be pushed to the roster and it is uncertain how for example
> > jabberd2 handles this.
> 
> Possibility to populate someone's roster with <presence type=subscribed>
> is a security issue and I hope it is not present in jabberd2.

jabberd2 does add a roster item if a "subscribed" presence packet arrives
for a user not in the roster. Whether this is actually a bug or a
problem has been somewhat ambiguous[1] until recently, when the
subscription state charts were added to XMPP-IM. Now, section 9.4.1
clearly shows that if a "subscribed" presence packet arrives, and we
don't have a subscription, then nothing happens.

I will be looking at getting this fixed for 2.0s1.

Rob.

[1] See http://www.jabberstudio.org/pipermail/jabberd/2002-December/000411.html

-- 
Robert Norris                                       GPG: 1024D/FC18E6C2
Email+Jabber: rob at cataclysm.cx                Web: http://cataclysm.cx/
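
Added example, not part of the original message and not jabberd2 code: a minimal C sketch of the inbound check discussed above, where a "subscribed" presence packet is dropped unless the roster owner has an outstanding subscription request to the sender, and no roster item is ever created by the packet. The roster structures, the pending_out flag and the function names are hypothetical, and the "pending request" condition is an assumption based on the XMPP-IM subscription state tables.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical roster model for illustration; not jabberd2's structures. */
enum sub_state { SUB_NONE, SUB_TO, SUB_FROM, SUB_BOTH };

struct roster_item {
    const char *jid;       /* bare JID, assumed already normalized */
    enum sub_state sub;
    bool pending_out;      /* owner sent "subscribe", no answer yet */
};

struct roster { struct roster_item items[4]; size_t count; };

/* Constructed sample roster: one pending request, one plain entry. */
struct roster demo_roster(void) {
    struct roster r = { { { "alice@example.org", SUB_NONE, true },
                          { "bob@example.org", SUB_FROM, false } }, 2 };
    return r;
}

static struct roster_item *roster_find(struct roster *r, const char *jid) {
    for (size_t i = 0; i < r->count; i++)
        if (strcmp(r->items[i].jid, jid) == 0)
            return &r->items[i];
    return NULL;
}

/* Inbound <presence type="subscribed"/>: returns true when the packet
 * answers a pending request and should reach the owner, false when it is
 * dropped. It never creates a roster item. */
bool handle_inbound_subscribed(struct roster *r, const char *from) {
    struct roster_item *it = roster_find(r, from);
    if (it == NULL || !it->pending_out)
        return false;                       /* unsolicited: ignore */
    it->pending_out = false;
    if (it->sub == SUB_NONE) it->sub = SUB_TO;
    else if (it->sub == SUB_FROM) it->sub = SUB_BOTH;
    return true;
}

int main(void) {
    struct roster r = demo_roster();
    printf("unknown sender accepted: %d\n", handle_inbound_subscribed(&r, "icq.example.org"));
    printf("pending sender accepted: %d\n", handle_inbound_subscribed(&r, "alice@example.org"));
    printf("roster size: %zu\n", r.count);
    return 0;
}
```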