
Key: JM-1304
Type: Bug
Status: Open
Priority: Critical
Assignee: Daniel Henninger
Reporter: Daniel Henninger
Votes: 2
Watchers: 2
Openfire

Openfire should not allow illegal users to be added to a user's roster

Created: 03/19/08 12:40 PM   Updated: 08/21/08 12:30 PM
Component/s: None
Affects Version/s: 3.4.5
Fix Version/s: 3.6.1

Time Tracking:
Not Specified

Support Plan Customer Issue: No
Acceptance Test - Add?: No


Description
Via Pidgin it's possible to add "mybuddy" to your roster. This is not valid per JID creation rules. (Note that if it looks like a domain, it's cool; if it doesn't, it's not, without the @.) The big problem here is, by allowing the add to occur, when the user logs in next, they can't log in because the roster manager does check for validity and fails out. So two pronged:

1. we should skip busted entries and just log an error
2. we should check for validity upon add
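
The two prongs above, sketched as an added example; this is not Openfire's code and not from the reporter. Class and method names are hypothetical, the JID check is simplified (no stringprep), and the "looks like a domain" test is an assumed heuristic (dot-separated labels).

```java
import java.util.ArrayList;
import java.util.List;
import java.util.logging.Logger;
import java.util.regex.Pattern;

// Added illustration; names are hypothetical and do not mirror Openfire's API.
public class RosterValidationSketch {
    private static final Logger LOG = Logger.getLogger("roster");

    // Assumed heuristic for "looks like a domain": two or more dot-separated labels.
    private static final Pattern DOMAINLIKE =
        Pattern.compile("[a-z0-9-]+(\\.[a-z0-9-]+)+", Pattern.CASE_INSENSITIVE);

    // Simplified check; full XMPP validation also applies stringprep profiles.
    static boolean isAcceptableRosterJid(String jid) {
        if (jid == null) return false;
        int slash = jid.indexOf('/');
        String bare = slash >= 0 ? jid.substring(0, slash) : jid; // drop the resource
        int at = bare.indexOf('@');
        if (at < 0) return DOMAINLIKE.matcher(bare).matches(); // "mybuddy" is rejected here
        // Need a non-empty node, a non-empty domain and exactly one '@'.
        return at > 0 && at < bare.length() - 1 && bare.indexOf('@', at + 1) < 0;
    }

    // Prong 2: refuse the entry at add time, before it is persisted.
    static void addItem(List<String> roster, String jid) {
        if (!isAcceptableRosterJid(jid)) {
            throw new IllegalArgumentException("Invalid roster JID: " + jid);
        }
        roster.add(jid);
    }

    // Prong 1: on load, skip bad stored rows and log them so login still succeeds.
    static List<String> loadRoster(List<String> storedRows) {
        List<String> roster = new ArrayList<>();
        for (String row : storedRows) {
            if (isAcceptableRosterJid(row)) {
                roster.add(row);
            } else {
                LOG.severe("Skipping invalid roster entry: " + row);
            }
        }
        return roster;
    }

    public static void main(String[] args) {
        // Constructed sample rows, including the "mybuddy" case from the report.
        List<String> stored = List.of("alice@example.com", "mybuddy", "conference.example.com");
        System.out.println(loadRoster(stored));
    }
}
```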



Comments
Daryl Herzmann - 08/12/08 10:00 AM
Not sure if this should be another Jira ticket, but the same issue rears its ugly head when users can add non-existing accounts to MUC room permissions.