[JDEV] Transport<->Jabberbox validation..
Thomas Charron
tcharron at nermail.ups.com
Mon Apr 12 15:27:34 CDT 1999
Well, I've spent a fewhours hacking out the socket code for the Windows
client (It actually CONNECTS and sends/recieves stuff now). Ideas have
popped up in doing so..
How will the transports validate with jabberbox? We don't want transports
to blindly be able to attach to jabberbox's. That be bigum moola bad.. I
could simply 'attach' as a rouge transport and start flooding messages, or
attach as a known transport, and start sending messages from users even
though they are not attached to me.. Blech.. You'd get:
<message><from>jeremie</from><to>TwOlf</to><say>HEY big boy, let's get
busy..</say></message>
<message><from>TwOlf</from><to>jeremie</to><say>I can't stand it anymore, I
want your body..</say></message>
Now, while the above would end up being humerouse as hell to watch if it
where sent out by a rouge transport, we need to find a way to ensure it
doesn't happen. Heck, what about rogue jabberbox's attaching to valid
jabberbox's.. How will the server validate each other?
--
Thomas Charron
United Parcel Service
Northeast Region
"Moving at the speed of a T3 Trunk Line!"
More information about the JDev
mailing list