[JDEV] Proposal for filters on incomming messages

Scott Robinson scott at tranzoa.com
Wed Aug 11 18:04:14 CDT 1999 

Any type of message can be filtered. Even rejections from servers. What is
the problem?

As for the spamming aspect, the Jabber server should use a type of
round-robin/timesplicing with Bresenham's algorithm to keep someone from
spamming.

Scott.

* Anders Qvist translated into ASCII [Wed, Aug 11, 1999 at 11:18:05PM +0200][<Pine.LNX.3.96.990811225937.32658A-100000 at valdez.netg.se>]
> On Wed, 11 Aug 1999, Thomas D. Charron wrote:
> 
> > On Wed, 11 Aug 1999 11:59:20   Anders Qvist wrote:
> > >The problem is, we don't want people to be able to send messages that
> > >trick their way past filters by saying: 'I'm a rejection reply' or 'I'm an
> > >error message.' Thus, we need Jabbertransport to protect us from this
> > >somehow. Any thoughts? (I feel I will be writing a new mail on the subject
> > >of verification and auditability shortly so you may want to save your
> > >replies for that ;)
> > 
> >   Hrm..  A rejection reply would need to be an error message, that's a
> > gimme.  But the from would be from a system.  The ONLY way one could
> > hack this is to hack a transport, as the transport that accepts messages
> > from a client would reject messages from a client not 'from' that
> > connection..
> 
> I can create my own server and have it send a rejection reply to a
> client on another server. This means either jabbertransport or client
> (preferably the earlier if you ask me) needs to know what messages it has
> sent in order to tell that a rejection reply (or indeed any reply) is
> authentic. A rather tedious job.
> 
> Things could be simplified a little by fitting all messages with a one-way
> encryption of some secret that is rotated once every week or so. This
> would mean we only need to keep track of a small pile of secrets, rather
> than the MD5 checksum or ID of all messages ever sent.
> 
> ... or am I missing some obvious solution/information?
> 
> Anders "Quest" Qvist
> NetGuide Scandinavia
> 
> -- Why suffer scarcity? Look for the Open Source and enter a world of plenty!
> 
> 
> _______________________________________________
> jdev mailing list
> jdev at jabber.org
> http://mailman.jabber.org/listinfo/jdev

More information about the JDev mailing list