On Fri, Apr 01, 2005 at 09:51:29AM +0200, [EMAIL PROTECTED] wrote: > > Dialback prevents hostname spoofing. Servers are also required to > > enforce the from address to make sure that it matches the username > > with which the client authenticated. > > > > > Does someone know how to spoof a JID ? > > > > Um, we deliberately made that hard to do. > > Great !! Another reason for users to prefer Jabber to MSN !! > > But I'm working on a subject where I have to proove that we need tokens to > authenticate the users who want to chat with our IM client (based on Jabber). > For this reason, I'm looking for a way to spoof a client ID. Even if it's hard > to do, I would like to know where I can find the description (or the source > code) of the mechanism employed by a Jabber server.
It is difficult for *clients* to spoof from addresses. If you write a component, it is trusted by the server and therefore has permission to write from addresses without server enforcement. /psa _______________________________________________ jdev mailing list [email protected] http://mail.jabber.org/mailman/listinfo/jdev
