[JDEV] jabber:iq:search question
Sebastiaan 'CBAS' Deckers
cbas at screaming3d.com
Sat Dec 7 18:59:18 CST 2002
Is there any implementation of a public service using this technique?
My client supports these sequential results however I could never test
this in the real world.
This is an interesting protocol design choice, but it raises security
concerns. When all you have to rely on is the "id" attribute, how much
chance is there that someone can spoof results? Or even by accident, as
most libraries don't generate random id's.
--
Sebastiaan
Peter Saint-Andre wrote:
> If you have implemented jabber:iq:search in your software AND you are
> using the feature that enabled you so receive multiple IQs for large
> result sets, I would appreciate it if you could let me know. When I
> documented jabber:iq:search in JEP-0055, I left this out because I have
> not been able to find implementations. But if there are implementations, I
> may add it in.
>
> Thanks.
>
> Peter
>
> --
> Peter Saint-Andre
> Jabber Software Foundation
> http://www.jabber.org/people/stpeter.php
More information about the JDev
mailing list