I would encourage everyone considering using JEP-0025 to review the security discussion I carried out with the JEP authors on the Jabber Council mailing list. I do not want to detract from the usefulness of Jabber, Inc.'s web client, but there are some potential security problems with the protocol which you should at least be aware of. My main concerns are laid out in:
http://mailman.jabber.org/pipermail/council/2002-April/000245.html

-Mike

Dave Waite <[EMAIL PROTECTED]>
Sent by: jdev-admin@jabber.org
04/26/2002 03:14 PM
Please respond to jdev

To: [EMAIL PROTECTED]
cc:
Subject: Re: [JDEV] open source webclient on port 80 + moderated chat

It may support the proxy trick - basically you just tell your HTTP proxy to connect to port 5222, say it's a really long HTTP document to your proxy and start tunneling data that way. The JEP-25 method has the benefits of actually using port 80 and not requiring the long-lived HTTP connection.

-David Waite

Dave wrote:

>Doesn't Jarl also support that?
>Ryan???
>
>Dave Cohen <[EMAIL PROTECTED]>
>
>
>Peter Millard wrote:
>
>>----- Original Message -----
>>From: <[EMAIL PROTECTED]>
>>[stuff munched..]
>>
>>>But there is neither code for the open source jabberd nor an open source
>>>client that supports this access method?
>>>
>>Exodus supports HTTP polling using the protocol laid out in JEP-25. There
>>is no open-source implementation of that JEP though :(
>>
>>Peter M.
_______________________________________________
jdev mailing list
[EMAIL PROTECTED]
http://mailman.jabber.org/listinfo/jdev
