[JDEV] Re: jabber; what would you like to see?

Ulrich B. Staudinger us at die-horde.de
Thu Sep 25 07:35:10 CDT 2003 

Richard Dobson wrote:

>----- Original Message ----- 
>From: "Ulrich B. Staudinger" <us at die-horde.de>
>To: <jdev at jabber.org>
>Sent: Thursday, September 25, 2003 2:05 PM
>Subject: Re: [JDEV] Re: jabber; what would you like to see?
>
>
>  
>
>>Richard Dobson wrote:
>>
>>    
>>
>>>>What I picture is that one could have a scripting languague within the
>>>>packets, for example:
>>>>
>>>><iq type="get">
>>>><query xmlns="bla bla">
>>>><script>
>>>>@users=fetchroster(1,2,3);
>>>>for ($i=0; $i<$@#users) {
>>>>  echo "<message to=@user[$i]> In my new roster bla bla ";
>>>>}
>>>>createrostergroup(@users, "newrostergroup");
>>>>return @users;
>>>></script>
>>>></query>
>>>></iq>
>>>>
>>>>
>>>>        
>>>>
>>>Sorry but to me anyone doing something like this should be shot, having
>>>scripting send inside packets to be processed by the endpoint like this
>>>      
>>>
>is a
>  
>
>>>security hole of an enormous magnetude, and we definately should not be
>>>doing anything like this. This is kind of like word macros, it can have
>>>      
>>>
>some
>  
>
>>>benefits but the potential for abuse is massive, it would require all
>>>      
>>>
>sorts
>  
>
>>>of extra security stuff to even attempt to secure it. Overall I think the
>>>downsides are far more than the benefit of the convenience, the best
>>>      
>>>
>thing
>  
>
>>>is to continue doing what we have been doing and creating protocols for
>>>      
>>>
>set
>  
>
>>>purposes. We don't need the flexibility of a scripting system as we
>>>      
>>>
>already
>  
>
>>>have the flexibility/extensibility of XML and the jabber protocol to do
>>>things like this without creating massive security holes.
>>>
>>>      
>>>
>>Maybe not shot - only dipped into cold coffee for more than an hour ...
>>+1 - absolutely not supportable from my side.
>>    
>>
>
>Yea sorry, "... should be shot" is a common saying over here in the UK
>meaning that something someone has done is very bad/silly, its a tongue in
>cheek thing.
>
i guess i should get familiar with all those sayings ... tongue in 
cheek? now what's this, where should i put my tongue?  :-)

np

ulrich

>
>Richard
>
>_______________________________________________
>jdev mailing list
>jdev at jabber.org
>http://mailman.jabber.org/listinfo/jdev
>
>  
>


-- 
Ulrich B. Staudinger
http://www.die-horde.de
email: us at die-horde.de
jid: uls at jabber.org

current project: REDHORN
http://redhorn.sourceforge.net

Blog: http://jabber.linux.it/jogger/user.php?jid=uls@jabber.org

More information about the JDev mailing list