evan.s at dreskin.net
Fri Jun 22 10:18:22 EDT 2007
Quoting Etan Reisner <pidgin at unreliablesource.net>:
> I don't believe being able to tell the difference is possible as that
> would leak account information to a potential attacker. In exactly the
> way you would be intending to use it, is the jid I just tried a real
> person or not.
*nod* That makes perfect sense.
> One more question: Even given the new way this is being done with using
> the GaimAccount to store things, what is the purpose of this
> change/callback? What is the usage? What is it making possible?
It's Andy's code and changes, and I've been out of touch, but I can
tell you what the problem was before: After a successful registration,
the user is notified that all went well through a generic notify
callback... and then nothing else happens.
A better response to a successful registration is to connect the
now-registered account (no prompting for a password is necessary,
since the user just entered it; however, this should not automatically
save the password). A callback allows this behavior.
One could have parsed the generic notify message of 'registration
successful' to hack in an automatic connect... but that's obviously
More information about the Devel