On Sat, 16 Oct 2004 19:48:25 -0400, Justin <[EMAIL PROTECTED]> wrote:
Alexey Nezhdanov wrote:
XMPP-Core:jabberd 1.4.3 is distinctly NOT xmpp compliant. It was written long before xmpp and there are no active devlopers.
4.3 Stream Security
An entity SHOULD NOT attempt to send XML StanzasXML Stanzas over the stream before the stream has been authenticated, but if it does then the other entity MUST NOT accept such stanzas and SHOULD return a <not-authorized/> stream error and then terminate both the XML stream and the underlying TCP connection
jabberd 1.4.3 (at least on my host) sends stanzas immidiatedly upon connect, not waiting for dialback auth completion.
If you want xmpp compliance then select a modern jabber server.
Well, in this case it's not so much about XMPP compliance. It's just sounds like a big security leak, regardless which protocol it is meant to implement!
_______________________________________________
jdev mailing list
[EMAIL PROTECTED]
http://mail.jabber.org/mailman/listinfo/jdev
