[JDEV] jabber:iq:oob problems
Robert Temple
robert.temple at dig.com
Sun Nov 26 21:47:13 CST 2000
I have two issues with "out of band" iq messages.
(File Transfers)
1. Server requires a Jabber ID resource.
The server doesn't respond the way I expected when I try to
send a oob request to another user and I don't include the
resource in the user's Jabber ID. The server responds with
an error message. I expected this to work, because when I
don't include a resource when I send an message, the server
works fine. Is this a bug?
Without the server's help with resources, its going to be
hard to send someone files who is not on my roster.
2. OOB/mini web server sequence of events
There isn't any documentation on the sequence of events that
is supposed to happen between clients using oob iqs. After
the one client sends the initial oob iq, when is the other
client supposed to respond with its own iq result? Is it
before, during or after they attempt to connect to the other
clients mini HTTP server?
Its important that the sequence is done correctly to prevent
hackers from downloading the file that was meant for someone
else. Its also important for it to be documented so that
different clients can interoperate!
I plan to do it this way: the first client sends out the
oob iq, starts its mini web server and creates a unique,
virtual URI for the file. At this point, the miniweb server
allows anyone to connect and send an HTTP request. It sends
the HTTP response headers, but it doesn't start sending the
file until it gets an oob iq result back from the 2nd
client. If the 2nd client responds with an error but someone
connected to the web server and requested that file, then the
web server cuts off that connection. Last, the HTTP server
only allows one request for the virtual URI. Once a
request has been made, it removes that URI from its list.
Does this sound like a reasonable and secure implementation?
Thanks,
Robert
More information about the JDev
mailing list