Presence plugin

Alexander_Gnauck · December 21, 2005, 7:27pm

hi guys,

the presence plugin is really cool. But i have a security concerns.

There are only 2 options. The first one is everybody could see any presence. The second option is only subscribed users can see presence. Which is not more secure in my opinion. If i know some Jids of users on the server, and if i know or assume they are subscribed to each other, i can use this jid and req_jid to see their status.

I think in the most use cases users just want to publish their own presence on a webpage. For this case it would be cool if i can get my own presence with my password only. Which is also more secure.

Or did i miss smth in the docs?

Alex

Graeme_Humphries · December 21, 2005, 7:39pm

That seems reasonable, but how do you propose your website submit your password securely to Wildfire? If you include your password in the URL, you’'ve basically just given out your password to anyone with a web browser.

Graeme

Alexander_Gnauck · December 21, 2005, 7:47pm

i thought about server side php, jsp or aspx scripts to show the status on webpages.

Alex

Graeme_Humphries · December 21, 2005, 7:50pm

Yeah, server side would definitely work, but that assumes you have some sort of server side scripting language available. Might be useful in some cases, though.