On Fri, 26 Apr 2002, Michael F Lin wrote: > I would encourage everyone considering using JEP-0025 to review the > security discussion I carried out with the JEP authors [...] > http://mailman.jabber.org/pipermail/council/2002-April/000245.html
I think you are right, hijacking of HTTP polling Jabber sessions is very easy with this protocol. Adding a hash as proposed by you should solve this issue. Regards _______________________________________________ jdev mailing list [EMAIL PROTECTED] http://mailman.jabber.org/listinfo/jdev
