Tighter Jabber Integration
Posted by Trejkaz Fri, 24 Jun 2005 07:00:00 GMT
I’ve been thinking a lot lately of the kind of things I want to do with integrating Jabber into SnipSnap, or any other weblog/wiki/social web site.
I’m starting to think that SnipSnap is becoming horribly inadequate, because I want to tinker with things like authentication. And with the amount of attention lately focused on Ruby on Rails, perhaps I need an excuse to venture into that area instead. :-)
Basically, I want a web site which maintains no information which can’t already be derived from its users’ existing Jabber IDs.
Authentication
Users login using their Jabber ID and password. Users don’t need to sign up. They just enter their details the first time they’re asked. Their JID is added to a database somewhere and that’s that. No CAPTCHA rubbish, no “please enter two dozen fields which my webapp will NEVER USE,” no hassling the user!
Drupal does something like this, but unfortunately Drupal does it by having the user send their Jabber ID and password to the server. This is bad because you’re sending authentication details for one service to another, potentially completely unrelated service. Now, I know that if I implemented this on my site that I wouldn’t abuse this information. But I can’t say the same for others who I might wish to use my stuff.
If a botter comes in and wants to screw up the server, they can create a lot of accounts like this, yes