On Thu, Jul 03, 2003 at 11:27:22AM -0500, Peter Saint-Andre wrote: > This is a server bug.
I wouldn't treat it like that. Server got stanza directed to a full jid, so it routed it to client. This is normal IQ handling and IMHO should not depend on namespace. Probably there will be more namespaces which should be handled only when sent by server and it is impossible to make all servers handle all of them in special way. Special cases make protocol more complicated and complicated protocol is a bad protocol. IMHO there should be no special cases in protocol. They may be in implementations. > With what server did you test this? AFAIK, both > jabberd 1.4.* and the Jabber Inc. server do the right thing here. I tested it with current (up to CVS) jabber 1.4.x and with wpjabber. > The correct behavior is as follows (I have added this text to my working > copy of draft-ietf-xmpp-im): > > A server MUST ignore any 'to' address on a roster "set", and > MUST treat any roster "set" as applying to the sender. And the server does this - for stanzas received via client connection. I thought it is a bug, but if specs say so... But if the stanza is received from other server or component it is normally routed to the proper client. > For added > safety, a client SHOULD check the "from" address of a roster "push" > to ensure that it is from a trusted source; IMHO this should be a MUST. I know the complicated part should be in the server (that is the Jabber philosophy), but for security it is the best when most important checks are done at the final point. Greets, Jacek _______________________________________________ jdev mailing list [EMAIL PROTECTED] http://mailman.jabber.org/listinfo/jdev