[jdev] Jabber Spoofing on unique server

Peter Saint-Andre stpeter at jabber.org
Fri Apr 1 10:03:34 CST 2005


On Fri, Apr 01, 2005 at 09:51:29AM +0200, micky501 at free.fr wrote:
> > Dialback prevents hostname spoofing. Servers are also required to
> > enforce the from address to make sure that it matches the username
> > with which the client authenticated.
> >
> > > Does someone know how to spoof a JID ?
> >
> > Um, we deliberately made that hard to do.
> 
> Great !! Another reason for users to prefer Jabber to MSN !!
> 
> But I'm working on a subject where I have to prove that we need tokens to
> authenticate the users who want to chat with our IM client (based on Jabber).
> For this reason, I'm looking for a way to spoof a client ID. Even if it's hard
> to do, I would like to know where I can find the description (or the source
> code) of the mechanism employed by a Jabber server.

It is difficult for *clients* to spoof from addresses. If you write a
component, it is trusted by the server and therefore has permission to
write from addresses without server enforcement.

/psa
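
The enforcement described in this message, as an added Python sketch that is not part of the original post and not taken from any Jabber server: a client stream has its from address checked against the authenticated JID and stamped by the server, while a component stream's from address is passed through as written. The function names, the `strict_components` option (a hypothetical hardening that limits a component to its own hostname) and the sample JIDs are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET


def split_jid(jid):
    """Return (bare JID lowercased, resource); the resource stays case-sensitive."""
    bare, _, resource = jid.partition("/")
    return bare.lower(), resource


def enforce_from(stanza_xml, stream_kind, authenticated_as, strict_components=False):
    """Apply the server-side 'from' policy to one inbound stanza.

    stream_kind      -- "client" or "component" (how the sender connected)
    authenticated_as -- full JID for a client, hostname for a component
    Returns the parsed stanza, or raises PermissionError on a spoofed address.
    """
    stanza = ET.fromstring(stanza_xml)
    claimed = stanza.get("from")

    if stream_kind == "client":
        auth_bare, auth_res = split_jid(authenticated_as)
        if claimed is not None:
            bare, res = split_jid(claimed)
            # A client may only claim its own bare JID or its own full JID.
            if bare != auth_bare or res not in ("", auth_res):
                raise PermissionError(f"{authenticated_as} may not send as {claimed}")
        # The server stamps the address itself, so the recipient never sees
        # a client-chosen value.
        stanza.set("from", authenticated_as)
        return stanza

    if stream_kind == "component":
        # Components are trusted: the server does not rewrite 'from'.
        if claimed is None:
            raise PermissionError("component stanza has no from address")
        if strict_components:
            # Assumed hardening: only addresses at the component's own host.
            host = split_jid(claimed)[0].rpartition("@")[2]
            if host != authenticated_as.lower():
                raise PermissionError(f"{authenticated_as} may not send as {claimed}")
        return stanza

    raise ValueError(f"unknown stream kind: {stream_kind}")
```

Because the component path trusts whatever address it is given, the component's shared secret and the set of components allowed to connect are what protect users' addresses on that path.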



