1
0
mirror of https://github.com/moparisthebest/xeps synced 2024-11-24 18:22:24 -05:00
git-svn-id: file:///home/ksmith/gitmigration/svn/xmpp/trunk@1311 4b5297f7-1745-476d-ba37-a9c6900126ab
This commit is contained in:
Peter Saint-Andre 2007-10-24 21:20:15 +00:00
parent 549c8f97a5
commit 26ef69f279

View File

@ -33,8 +33,8 @@
&pgmillard;
&stpeter;
<revision>
<version>1.1pre4</version>
<date>in progress, last updated 2007-10-18</date>
<version>1.1pre5</version>
<date>in progress, last updated 2007-10-24</date>
<initials>psa</initials>
<remark><p>For security reasons, actively discouraged use of the password element; specified use of publish-subscribe private information nodes as the preferred storage mechanism; cleaned up the text and examples.</p></remark>
</revision>
@ -106,9 +106,9 @@
</tr>
<tr>
<td>&lt;password/&gt; element</td>
<td>Unencrypted string for the password needed to enter a password-protected room. Use of this element is now deprecated for security reasons.</td>
<td>Unencrypted string for the password needed to enter a password-protected room. For security reasons, use of this element is NOT RECOMMENDED.</td>
<td>string</td>
<td>DEPRECATED</td>
<td>NOT RECOMMENDED</td>
</tr>
</table>
<p>Note: The datatypes are as defined in &w3xmlschema2;.</p>
@ -272,7 +272,7 @@
<section1 topic='Security Considerations' anchor='security'>
<p>Security considerations related to object persistent via publish-subscribe are described in XEP-0060 and <cite>XEP-0223</cite>.</p>
<p>As noted, use of the &lt;password/&gt; child of the &lt;conference/&gt; element is deprecated and discouraged, since the password could be discovered by a third party, e.g. an eavedropper (if channel encryption is not used) or a server administrator.</p>
<p>Use of the &lt;password/&gt; child of the &lt;conference/&gt; element is NOT RECOMMENDED, since the password could be discovered by a third party, e.g. an eavesdropper (if channel encryption is not used) or a server administrator. However, the element MAY be used in suitably secure environments (e.g., where it is known that communications will not be sent over unencrypted channels and the server administrators are trusted). Clients SHOULD NOT default to storing passwords and MUST enable users to disable any password storage.</p>
</section1>
<section1 topic='IANA Considerations' anchor='iana'>
@ -313,6 +313,7 @@
<xs:complexType>
<xs:sequence>
<xs:element name='nick' type='xs:string' minOccurs='0'/>
<xs:element name='password' type='xs:string' minOccurs='0'/>
</xs:sequence>
<xs:attribute name='autojoin' type='xs:boolean' use='optional' default='false'/>
<xs:attribute name='jid' type='xs:string' use='required'/>