[JDEV] Implementation of JEP-0025 (Jabber HTTP Polling)
Matthias Wimmer
m at tthias.net
Thu Jun 6 09:45:40 CDT 2002
Hi!
admin at jabber.fsinf.de wrote:
> Note JEP-0025 is very insecure (in fact it is less secure than standard
> connections with clear text authentification). There were some discussions
> and solutions posted to the standards-jep and council mailing list but up
> to now there was no response by the jabber.com people.
Yes I read the postings at standards-jep and you're right that the
security can be improved.
> I think it would be best to implement one of the proposed protocols that
> are secure and to patch the clients supporting HTTP polling. It's not that
> much work and should be done NOW.
As long as JEP-0025 is the only real documented protocol I prefere to
implement this one. If I implement something else nobody will be able to
use it because your extensions will be forgotten in some months. Also I
couldn't wait to implement it because I need this software component
very soon.
If there is an "agreement" over a new version of the polling protocol I
will like to implement this enhancement.
Tot kijk
Matthias
More information about the JDev
mailing list