What I picture is that one could have a scripting languague within the packets, for example:
<iq type="get">
<query xmlns="bla bla">
<script>
@users=fetchroster(1,2,3);
for ($i=0; $i<[EMAIL PROTECTED]) {
echo "<message [EMAIL PROTECTED]> In my new roster bla bla ";
}
createrostergroup(@users, "newrostergroup");
return @users;
</script>
</query>
</iq>
Sorry but to me anyone doing something like this should be shot, having scripting send inside packets to be processed by the endpoint like this is a security hole of an enormous magnetude, and we definately should not be doing anything like this. This is kind of like word macros, it can have some benefits but the potential for abuse is massive, it would require all sorts of extra security stuff to even attempt to secure it. Overall I think the downsides are far more than the benefit of the convenience, the best thing is to continue doing what we have been doing and creating protocols for set purposes. We don't need the flexibility of a scripting system as we already have the flexibility/extensibility of XML and the jabber protocol to do things like this without creating massive security holes.
Maybe not shot - only dipped into cold coffee for more than an hour ... +1 - absolutely not supportable from my side.
Richard
_______________________________________________ jdev mailing list [EMAIL PROTECTED] http://mailman.jabber.org/listinfo/jdev
-- Ulrich B. Staudinger http://www.die-horde.de email: [EMAIL PROTECTED] jid: [EMAIL PROTECTED]
current project: REDHORN http://redhorn.sourceforge.net
Blog: http://jabber.linux.it/jogger/[EMAIL PROTECTED]
_______________________________________________ jdev mailing list [EMAIL PROTECTED] http://mailman.jabber.org/listinfo/jdev
