[jdev] Re: XHTML-IM XEP implementation
Alexander Gnauck
gnauck at ag-software.de
Thu Jan 4 16:18:47 CST 2007
Justin Karneges wrote:
> This begs the question: what is too big? Currently, we consider stanza size
> to be somewhat unbounded, as XMPP-Core imposes no size maximum. But I
> believe we do need some mechanism for a stanza maximum size, otherwise XMPP
> software is prone to denial-of-service attacks.
>
> However, email has no maximum size, and we probably have a great many XEPs
> assuming an unbounded size as well. Thus, as soon as we apply a stanza size
> maximum (which, I'm prepared to argue, is 100% necessary), we may run into
> trouble with our existing protocols.
>
> I think this is something we need to discuss.
agreed
but the max stanza size depends mostly on the server configuration. We
can recommend a number in the RFC and make a note about possible DNS
attacks and memory overflows if a server allows a unlimited stanza size
and XML depth. I think a client should be able to retrieve the max
stanza size using disco and cache it.
Alex
More information about the JDev
mailing list