[JDEV] Continued Improvement of Security Concerns
Oliver George
oliver at littledevil.com.au
Tue Nov 14 17:09:47 CST 2000
Thomas Muldowney wrote:
> As some of you may know I'm a huge fan of strong security options in any
> software that I use. Jabber is definately software I use ;-] and it needs
> more improvements in it's security foundings it already has. Over the next few
> weeks I'm going to be taking a long hard look at many of the security options
> that we have available to us. I would like to ask for any comments, suggestions
> or ideas that anyone has, so I can include these in my initial write up of where
> we stand. After this writeup (I'll probably try and do this by the end of the
> week), I plan to start implementing as many of the features as I possibly can.
> I'm completely serious on this issue, and I'm willing to entertain most any
> idea, even the most widely debated end to end encryption (it's hard, but I have
> some ideas for it). So I'm throwing myself into the deep end, and hoping I
> don't drown =)
>
> --temas
>
I'd like to encourage is consideration for light weight clients. Things
like flash which can make secure http connections (although the
XMLSocket object can't be a secure link I don't think). Another example
might be javascript clients, both don't have existing libraries for
strong security/encryption.
If i could retrieve a random string by a secure url request and then use
that to mask my password then i'd be 1000 times happier than i am right
now. (Yeah, i could write it myself) But the use of standard browser
infrastructure would solve many security problems i think.
I'm confident that my comments are accurate but i'm not sure.
Regards, Oliver.
More information about the JDev
mailing list