Hi Wojciech!

Wojciech Dec wrote:
> What is the state of JEP-0025? Is it free of security problem now?
> I mean this one of: sniff session ID - change password. Is it solved
> by update to version 0.2 (2002-09-23)?
>
> Do JabberPollingServlet and JabberApplet implement the newest JEP-0025
> version?

I have adapted the JabberPollingServlet to be compatible with clients that use version 0.2 of JEP-0025. But as it does not (yet?) support full version 0.2 (it doesn't bounce messages that weren't polled by the client if the client stops polling) I haven't released this version.

I haven't implemented message bouncing to the Servlet, because I am unsure if it is the right place to do this. It would be much better to support this feature by a server component - but with the server component again it is a problem to deliver a Java-Applet on the same IP and port (you would have to implement a mini HTTP server). Maybe I will write a combined version with a server extension and a module to Apache that forwards polling requests to this server component. But nothing is sure yet.

See you
Matthias
--
Fon: +49-(0)70 0770 07770 http://matthias-wimmer.de/
Fax: +49-(0)89-312 88 654 jabber:[EMAIL PROTECTED]
HAM: DB1MW OpenPGP: http://matthias-wimmer.de/encryption
