[jdev] Jabber Spoofing on unique server
Peter Saint-Andre
stpeter at jabber.org
Thu Mar 31 18:06:33 CST 2005
On Thu, Mar 31, 2005 at 04:14:02PM +0200, micky501 at free.fr wrote:
> I have a question concerning spoofing in Jabber. I would like to send a message
> to a user connected to the same server than me. When I change the "from"
> attributes in my <message> tag, nothing happens. I thought the dialback
> mechanism was only between 2 different servers. Is there another mechanism to
> prevent this kind of spoofing ?
Dialback prevents hostname spoofing. Servers are also required to
enforce the from address to make sure that it matches the username
with which the client authenticated.
> Does someone know how to spoof a JID ?
Um, we deliberately made that hard to do.
/psa
More information about the JDev
mailing list