[ejabberd] privacy lists in 2.1.6

Badlop badlop at gmail.com
Mon Apr 25 15:36:38 MSD 2011


>>> 2011/3/25 Yann Leboulanger<asterix at lagaule.org>:
>>>> If I setup a rule that deny all that have subscription=none to send
>>>> me iq,
>>>> that also prevents ejabberd to reply to my disco#info request for
>>>> example.

A client sets a privacy list with one or more rules, and the server obeys them.
The result is that some stanzas get blocked, as was explicitly
specified in the rules.
That was to be expected, right?

If that was undesired, then the client should set a different set of rules.

> So will there be something done to "fix" this issue?

Yes, the client should only deny all stanzas of subscription=none
if it has already allowed all stanzas of jid=myserver.com

But surprinsgly, that rule will also allow stanzas of all users in myserver.com:
> <domain> (the domain itself matches, as does any user at domain or domain/resource)

So, the protocol makes impossible to write a proper privacy list,
and forces client developers to request server developers to be
protocol incompliant.

This leads us to propose that ejabberd should violate the user-defined rules.
See an experimental patch in https://support.process-one.net/browse/EJAB-1441

Can we safely commit that without having another guy, a month later,
complain that ejabberd violates user privacy rules?


---
Badlop
ProcessOne


More information about the ejabberd mailing list