[JDEV] open source webclient on port 80 + moderated chat

Michael F Lin MFLIN at us.ibm.com
Fri Apr 26 14:42:41 CDT 2002


I would encourage everyone considering using JEP-0025 to review the
security discussion I carried out with the JEP authors on the Jabber
Council mailing list. I do not want to detract from the usefulness of
Jabber, Inc.'s web client, but there are some potential security problems
with the protocol which you should at least be aware of. My main concerns
are laid out in:

http://mailman.jabber.org/pipermail/council/2002-April/000245.html

-Mike



Dave Waite <mass at akuma.org>
Sent by: jdev-admin at jabber.org
04/26/2002 03:14 PM
Please respond to jdev

To: jdev at jabber.org
cc:
Subject: Re: [JDEV] open source webclient on port 80 + moderated chat



It may support the proxy trick - basically you just tell your HTTP proxy
to connect to port 5222, say it's a really long HTTP document to your
proxy and start tunneling data that way. The JEP-25 method has the
benefits of actually using port 80 and not requiring the long-lived HTTP
connection.

-David Waite

Dave wrote:

>Doesn't Jarl also support that?
>Ryan???
>
>Dave Cohen <dave at dave.tj>
>
>
>Peter Millard wrote:
>
>>----- Original Message -----
>>From: <admin at jabber.fsinf.de>
>>[stuff munched..]
>>
>>>But there is neither code for the open source jabberd nor an open source
>>>client that supports this access method?
>>>
>>Exodus supports HTTP polling using the protocol laid out in JEP-25. There
>>is no open-source implementation of that JEP though :(
>>
>>Peter M.
>>
>>
>>_______________________________________________
>>jdev mailing list
>>jdev at jabber.org
>>http://mailman.jabber.org/listinfo/jdev
>>
>

