Randomize resource string on first connection to an account
Gajim connects with "Gajim" as the resource string. If you have two instances of Gajim on the same account, one of them will ask the user to resolve the conflict.
For multiple reasons it would be better to replace the fixed string by a randomized one:
- User surveillance: somebody who knows your bare JID can guess the resource part and determine your client version and probe you for online/offline presence (as well as an estimate of the RTT between you and your server)
- Multi-client operation: if you have two Gajims, no user interaction is required to resolve the conflict
- This would accord to Best Practices: (I had to strip the link because your bug trackers tells me I'm a spammer)
While the above article recommends a server-generated GUID, many clients generate the resource as <clientname>.<hex(randomuint32())>
, e.g. yaxim.4711CAFE
.
The important thing is that you generate/store the value on first connection to the server and reuse it on subsequent reconnects, so that a server can figure out when it needs to replace a dead session of yours.