On Thu, Jul 03, 2003 at 11:27:22AM -0500, Peter Saint-Andre wrote:
> This is a server bug.

I wouldn't treat it like that. The server got a stanza directed to a full JID,
so it routed it to the client. This is normal IQ handling and IMHO
should not depend on namespace. Probably there will be more namespaces
which should be handled only when sent by the server, and it is impossible to
make all servers handle all of them in a special way. Special cases
make a protocol more complicated, and a complicated protocol is a bad
protocol. IMHO there should be no special cases in the protocol. They may be
in implementations.

>  With what server did you test this? AFAIK, both
> jabberd 1.4.* and the Jabber Inc. server do the right thing here.

I tested it with current (up to CVS) jabber 1.4.x and with wpjabber.

> The correct behavior is as follows (I have added this text to my working
> copy of draft-ietf-xmpp-im):
> 
>   A server MUST ignore any 'to' address on a roster "set", and 
>   MUST treat any roster "set" as applying to the sender.

And the server does this - for stanzas received via a client connection. I
thought it was a bug, but if the specs say so...

But if the stanza is received from another server or a component, it is
normally routed to the proper client.

>    For added 
>   safety, a client SHOULD check the "from" address of a roster "push" 
>   to ensure that it is from a trusted source;

IMHO this should be a MUST. I know the complicated part should be in the
server (that is the Jabber philosophy), but for security it is best
when the most important checks are done at the final point.

Greets,
        Jacek
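
The client-side check on the "from" address of a roster push discussed in this message, as an added example that is not part of the original e-mail or of any Jabber client's code. Assumed here: the stanzas and JIDs are constructed, `accept_roster_push` is a hypothetical name, and "trusted source" is taken to mean either no 'from' at all (the client's own server) or the account's own bare JID.

```python
import xml.etree.ElementTree as ET

ROSTER_NS = "jabber:iq:roster"

def bare_jid(jid):
    """Drop the resource: 'User@Host/res' -> 'user@host'.
    Lowercasing stands in for full stringprep normalisation (simplification)."""
    return jid.split("/", 1)[0].lower()

def accept_roster_push(stanza_xml, own_jid):
    """Return True only for a roster push from a trusted source.

    Assumed policy (not stated in the e-mail): trusted means the stanza has
    no 'from' attribute, or 'from' is exactly the account's bare JID.
    """
    iq = ET.fromstring(stanza_xml)
    # Only <iq type='set'> carrying a jabber:iq:roster query is a roster push.
    if iq.tag.rsplit("}", 1)[-1] != "iq" or iq.get("type") != "set":
        return False
    if iq.find("{%s}query" % ROSTER_NS) is None:
        return False
    sender = iq.get("from")
    if sender is None:
        return True  # implicitly from the server the client is connected to
    # A full JID (with resource) never equals a bare JID, so a "set" sent by
    # another entity, or by another resource of the same user, is rejected.
    return sender.lower() == bare_jid(own_jid)

# Constructed sample stanzas (not captured traffic).
OWN_JID = "jacek@example.org/home"
ITEM = "<query xmlns='jabber:iq:roster'><item jid='friend@example.org'/></query>"
PUSH_NO_FROM = "<iq type='set' id='a1'>" + ITEM + "</iq>"
PUSH_OWN_BARE = "<iq type='set' id='a2' from='Jacek@example.org'>" + ITEM + "</iq>"
# A roster "set" from another entity, routed to the client's full JID.
PUSH_FOREIGN = ("<iq type='set' id='a3' from='other@example.net/x' "
                "to='jacek@example.org/home'>" + ITEM + "</iq>")
PUSH_OTHER_RESOURCE = ("<iq type='set' id='a4' from='jacek@example.org/work'>"
                       + ITEM + "</iq>")
NOT_A_PUSH = "<iq type='result' id='a5'>" + ITEM + "</iq>"

if __name__ == "__main__":
    for name in ("PUSH_NO_FROM", "PUSH_OWN_BARE", "PUSH_FOREIGN",
                 "PUSH_OTHER_RESOURCE", "NOT_A_PUSH"):
        print(name, accept_roster_push(globals()[name], OWN_JID))
```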