Richard Dobson wrote:
A remote server cannot tell the difference between a component and a client, and I would dispute your statement that it's ok for components to be able to spoof messages; it certainly is not.
I was seeing the problem from the admin side: I can trust my components but not my clients and therefore the check should be enforced only for clients.
administrators, and if a spammer runs its own server, he or she could send any kind of messages...).
No they can't, even if a spammer controls their own server they cannot spoof messages, it is designed into the protocol to prevent that.
Why? I don't get this. If I write my s2s component sending messages from [EMAIL PROTECTED], who can block me? AFAIK, from the outside nobody can detect that those are fake users.
Getting back to the original problem. Thus if I want to be able to have a webservice enabling users to send messages with rpc-like calls, the only solution with the present server is to keep a connection open for any possible user of this server. Am I right?
(I'd like to avoid authenticating each time a message is sent)
--
Fabio Forno, Ph.D. - Research Assistant
Politecnico di Torino - Dip. Automatica e Informatica
C.so Duca degli Abruzzi 24 - 10129 Torino (Italy)
Phone: +39 011 2276 102 - JabberId: [EMAIL PROTECTED]
