[JDEV] Filling public server's disk?
Mike Prince
mike at mikesatlas.com
Thu Jan 8 14:33:39 CST 2004
At 10:59 AM 1/8/2004, you wrote:
>On Thu, 8 Jan 2004 09:49:38 -0700, David Waite <mass at akuma.org> wrote:
>
>>This is why most public services now use web sites for registration
>>rather than having it in-protocol, and add things like word entry and
>>email address verification.
...
>But why would a webbased DDOS attack be harder than an all client based
>one? It shouldn't be that hard to automate the posting of some forms!
HTTP/HTML is flexible enough to support challenge/response from an
application server, most often in the form of a graphic depicting human
readable text. AFAIK, the XMPP clients don't support this. If they did,
XMPP client registration would probably be good enough for most.
Another reason for HTTP/HTML registration, is the need of sites to gather
additional information, of a nature that may not fit into XMPPs framework.
>However, as Jabber evolves further, there will soon enough be a point -for
>some people- that you don't really need an email address anymore (at most
>an SMTP <-> Jabber gateway). Should you be required to have an email
>address just so you can register a Jabber account?
Challenge response should be good enough, such that an email address is not
necessary.
Thanks,
Mike
More information about the JDev
mailing list