[JDEV] Jabber HTTP Polling (JEP-0025)
Matthias Wimmer
m at tthias.net
Thu Jan 23 09:52:45 CST 2003
Hi Wojciech!
Wojciech Dec wrote:
>What is the state of JEP-0025? Is it free of security problem now?
>I mean this one of: sniff session ID - change password. Is it solved
>by update to version 0.2 (2002-09-23)?
>
>Do JabberPollingServlet and JabberApplet implement the newest JEP-0025
>version?
>
>
I have adapted the JabberPollingServlet to be compatible with Clients
that use version 0.2 of JEP-0025. But as it does not (yet?) support full
version 0.2 (it doesn't bounce messages that weren't polled by the
client if the client stopps polling) I havn't released this version.
I havn't implemented message bouncing to the Servlet, because I am
unsure if it is the right place to do this. It would be much better to
support this feature by a server component - but with the server
component again it is a problem to deliver a Java-Applet on the same IP
and port (you would have to implement a mini http server). Maybe I will
write a combined version with a server extension and a module to apache
that forwards polling requests to this server component. But nothing is
sure yet.
Tot kijk
Matthias
--
Fon: +49-(0)70 0770 07770 http://matthias-wimmer.de/
Fax: +49-(0)89-312 88 654 jabber://mawis@charente.de
HAM: DB1MW OpenPGP: http://matthias-wimmer.de/encryption
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 250 bytes
Desc: not available
URL: <https://www.jabber.org/jdev/attachments/20030123/a9865c1a/attachment-0002.pgp>
More information about the JDev
mailing list