powered by Jive Software

Presence plugin

hi guys,

the presence plugin is really cool. But i have a security concerns.

There are only 2 options. The first one is everybody could see any presence. The second option is only subscribed users can see presence. Which is not more secure in my opinion. If i know some Jids of users on the server, and if i know or assume they are subscribed to each other, i can use this jid and req_jid to see their status.

I think in the most use cases users just want to publish their own presence on a webpage. For this case it would be cool if i can get my own presence with my password only. Which is also more secure.

Or did i miss smth in the docs?

Alex

That seems reasonable, but how do you propose your website submit your password securely to Wildfire? If you include your password in the URL, you’'ve basically just given out your password to anyone with a web browser.

Graeme

i thought about server side php, jsp or aspx scripts to show the status on webpages.

Alex

Yeah, server side would definitely work, but that assumes you have some sort of server side scripting language available. Might be useful in some cases, though.