[jdev] introducing MUCkl, a web-based groupchat application

[Norman Rasmussen]

On 2/15/06, Stefan Strigler <steve at zeank.in-berlin.de> wrote:
> E.g. a potential attacker could changed the password of this
> dedicated account and lock out all other users of MUCkl.

You could always disable password changing on the jabber server side. 
I use pam for auth, and password changing is impossible afaik.

--
- Norman Rasmussen
 - Email: norman at rasmussen.co.za
 - Home page: http://norman.rasmussen.co.za/