[JDEV] Jabber server in Java
Iain Shigeoka
iainshigeoka at yahoo.com
Sun Jul 1 13:04:14 CDT 2001
--- Al Sutton <al at alsutton.com> wrote:
>
> I've started coding a jabber server in Java, It's still in the very
> early
> stages, but I would like to know if anyone else has been working on this
> so
> I can avoid duplicating effort.
I'm working on a mini Jabber server in Java mostly to explore the Jabber
standards and think about compliance (oh boy, if you've been trying a
"cleanroom" style implementation I bet we could create a pretty good
"current protocols are in bad shape" club!). ;) I do have thoughts of
creating a parallel version that is targetted at the "enterprise level"
server market so the mini server uses the new java.nio.* stuff from JDK
1.4.
One of my primary explorations focus on the area of security with Jabber
(my current impression being that things are Not Good(tm)). For example,
there seems to be a built-in assumption that client's must trust their
server (a situation that seems obviously ripe for exploitation) and that
server's trust each other (a possibly worse assumption). Pretty much
every man-in-the-middle and packet spoofing attack seems to be effective
against a Jabber server... I noticed you're signed up for the security
JIG so I'd love to hear your thoughts on this topic and if you've been
thinking/looking at these issues.
Oh, to summarize, I'd love to talk about collaboration. :)
-iain
__________________________________________________
Do You Yahoo!?
Get personalized email addresses from Yahoo! Mail
http://personal.mail.yahoo.com/
More information about the JDev
mailing list