[JDEV] Transports and unregistered Jabber accounts
Matthias Wimmer
m at tthias.net
Wed Jan 7 03:38:47 CST 2004
Hi!
I see problems in the way unregistering an account is handled. If an
account is unregistered this account is dropped by the Jabber server but
non of the transports a user has registered is notified about that (and
it wouldn't even be easily possible as the server does not know which
contact list entires are transports and the transports could even be
just removed from the roster).
The result is, that an other person can register for the same account
and use the former users transport without reregistering and without
knowing the password used to register the accounts. With some transports
the new user can even retrive the password, that used used to register
the transport.
I think this should be fixed, but it might require that the server knows
which roster items are transports. (This knowledge could be used for
other things like Contact-Import as well.) The server could then
unregister all transports if an account is deregistered or if the
transport is removed from the roster.
It would also be possible, that not the server cares about this but the
client and that the client unregistered all transports before removing
them or before unregistering the account. While this might be a good
idea, I think the server should still care for this as well.
Tot kijk
Matthias
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <https://www.jabber.org/jdev/attachments/20040107/d72b4fce/attachment-0002.pgp>
More information about the JDev
mailing list