i agree with your point of view in many ways - developers have complained very often about this error in the DTD, for obvious reasons.
However i don't understand why you don't use iq-set with an embedded x-tag. it's maybe semantically not the same (get / set), however it is exactly what you are looking for .... imo
ulrich
Bernino Lind wrote:
Dear Richard,
I agree very much - it is always a distinction between features and flexibility vs. potential exploits etc. : who said java, javascript, word macros etc...
However I do not agree with your point that jabber is already flexible enough due to its reliance on XML.
XML is just a protocol for metatyping data structures. XML does not contain any logics, loop constructs nor control statements and certainly not any sort of mathematical manipulation.
This results in a rigid framework where one has to create external components for every damn little service one wishes to create ontop of the jabber server.
Thats what Im searching for with respect to a solution - I dont care if it is a scripting solution, a backend solution or something third; but adding some middleware (perl, python, ..., other high level language) to jabber would be really nice.
Let me give just one more example, DJ Adams coffee machine check. Say Mr. Adams would like to get a statistical analysis of whom uses his external component.
What is required would be that his external component puts a flag in a database. Then he should add a namespace via xdb in order to retrieve the stats and have an external component that catches this packet and does a SQL statement.
Lets assume this works so that I can say:
<iq type="get"> <query xmlns="coffee:stats"/> </iq>
And the result being a top10 (its just bogus packets, which cant be used...):
<iq type="result"> <item> <username>blabla</username> <visits>10</visits> </item> <item> <username>blabla</username> <visits>5</visits> </item> <item> <username>blabla</username> <visits>3</visits> </item> ....etc. </iq>
Ok, lets say that now I want a top 20.
In jabber what I must do now is to create a new namespace that expands to a SQL stament that fetches the 20 best.
Now I want a top 100. Same story.
What is missing? a method for passing data along with a iq-get packet:
<iq type="get"> <query xmlns="coffee:stats"> <top>20</top> </query> </iq>
Such a packet is not allowed. The <top> section is simply chopped off...! Why? Because jabber was appearently not intended to anything but instant messenger.
In the game I have done which uses jabber as XML socket server, I have some +20 different namespaces many of which have exactly the same function just different parameters.
It might be me who is lame and doesnt understand how to use JEP 004 but I think many many developers out there have had similar problems - I know since I have had private questions from some 10 different persons asking how I have done the external component.
best regards, Bernino Lind
What I picture is that one could have a scripting languague within the packets, for example:
<iq type="get">
<query xmlns="bla bla">
<script>
@users=fetchroster(1,2,3);
for ($i=0; $i<[EMAIL PROTECTED]) {
echo "<message [EMAIL PROTECTED]> In my new roster bla bla ";
}
createrostergroup(@users, "newrostergroup");
return @users;
</script>
</query>
</iq>
Sorry but to me anyone doing something like this should be shot, having scripting send inside packets to be processed by the endpoint like this is a security hole of an enormous magnetude, and we definately should not be doing anything like this. This is kind of like word macros, it can have some benefits but the potential for abuse is massive, it would require all sorts of extra security stuff to even attempt to secure it. Overall I think the downsides are far more than the benefit of the convenience, the best thing is to continue doing what we have been doing and creating protocols for set purposes. We don't need the flexibility of a scripting system as we already have the flexibility/extensibility of XML and the jabber protocol to do things like this without creating massive security holes.
Richard
_______________________________________________
jdev mailing list
[EMAIL PROTECTED]
http://mailman.jabber.org/listinfo/jdev
_______________________________________________ jdev mailing list [EMAIL PROTECTED] http://mailman.jabber.org/listinfo/jdev
-- Ulrich B. Staudinger http://www.die-horde.de email: [EMAIL PROTECTED] jid: [EMAIL PROTECTED]
current project: REDHORN http://redhorn.sourceforge.net
Blog: http://jabber.linux.it/jogger/[EMAIL PROTECTED]
_______________________________________________ jdev mailing list [EMAIL PROTECTED] http://mailman.jabber.org/listinfo/jdev
