[jdev] Spoofing of iq ids and misbehaving servers
Sergei Golovan
sgolovan at nes.ru
Thu Jan 30 13:08:20 UTC 2014
Hi Thijs,
On Thu, Jan 30, 2014 at 4:49 PM, Thijs Alkemade <me at thijsalkema.de> wrote:
> But what baffles me even more is that it almost appears like nobody else ever
> ran into this problem. Is it really the case that every XMPP client out there
> does not check for the correct 'from' on result iqs either? Or have they all
> implemented workarounds to deal with the incorrect behavior of the servers
> listed above?
I faced the same problem in Tkabber a while ago. And a bit more. The
other issue with this 'to'-'from' tracking is that you'll have to
implement proper JID matching (with stringprep), which wasn't
available in Tkabber at the time.
So, I've ended up using random ids (not long, though, and generated by
a not very sophisticated PRNG, but still).
Cheers!
--
Sergei Golovan
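
The two defenses discussed in this thread, combined in one sketch: unpredictable iq ids plus a check of the reply's 'from' against the request's 'to'. This is an added example, not code from the thread or from Tkabber; `IqTracker` and `normalize_jid` are hypothetical names, and the normalization is a simplified stand-in for real stringprep (nodeprep/nameprep/resourceprep). It also assumes that a reply to a request sent without 'to' may carry no 'from' or the account's own bare JID.

```python
import secrets
import unicodedata

def normalize_jid(jid):
    """Comparison key for a JID. Simplified: NFKC plus case folding of the
    local and domain parts; NOT a full stringprep implementation."""
    if jid is None:
        return None
    jid = unicodedata.normalize("NFKC", jid)
    bare, _, resource = jid.partition("/")      # resource may itself contain '/'
    local, _, domain = bare.rpartition("@")     # no '@' means a domain-only JID
    return (local.casefold(), domain.casefold(), resource)  # resource stays case-sensitive

class IqTracker:
    """Tracks outstanding iq requests and validates incoming replies."""

    def __init__(self, own_bare_jid):
        self.own = normalize_jid(own_bare_jid)
        self.pending = {}                       # iq id -> normalized 'to' (or None)

    def register(self, to=None):
        """Allocate an unguessable id for a request about to be sent."""
        iq_id = secrets.token_urlsafe(16)       # 128 bits from the OS CSPRNG
        self.pending[iq_id] = normalize_jid(to)
        return iq_id

    def accept(self, iq_id, from_jid, iq_type):
        """Return True only if the reply matches a pending request by id AND sender."""
        if iq_type not in ("result", "error") or iq_id not in self.pending:
            return False
        expected = self.pending[iq_id]
        sender = normalize_jid(from_jid)
        if expected is None:
            # Assumption: request had no 'to', so the reply comes from our own
            # account/server with no 'from' or with our bare JID.
            ok = sender is None or sender == self.own
        else:
            ok = sender == expected
        if ok:
            del self.pending[iq_id]             # a spoofed reply must not consume the entry
        return ok
```

A rejected reply leaves the request pending, so a spoofed stanza cannot cancel the handler that the genuine reply will need.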