[jdev] XEP-0100 and roster/legacy contact list sync
Richard Dobson
richard at dobson-i.net
Wed Dec 5 04:08:25 CST 2007
Peter Saint-Andre wrote:
> Richard Dobson wrote:
>
>> Tomasz Sterna wrote:
>>
>>> So this is basically the same idea I got and proposed here:
>>> http://jabberd2.xiaoka.com/wiki/ComponentProtocol#Enchancements ?
>>>
>>>
>> Almost, mine isn't tied to the component protocol, its just a normal
>> thing that works over S2S links as well as internally within the server,
>> its hardly revolutionary though, its just reusing things we already have
>> for a wider variety of uses.
>>
>
> Except that how do you know someone is not trying to poison your roster?
>
Because you have a trust/permission granting mechanism on top of this
before the transport can do anything (also if in my case you are running
the transport yourself you can trust that it wont poison the roster even
more), and also the transport can only see and manipulate contacts that
originate at its own domain so it limits the scope for poisoning. This
is virtually the same idea as the one where you request the section of
the roster from the transport except in this case you are modifying your
own roster caching the current transport one so you don't need to keep
re-requesting it and you immediately have all the transport contacts
there at the time you login.
Richard
More information about the JDev
mailing list