On Aug 29, 2011, at 15:43, Peter Saint-Andre wrote:

> On 8/29/11 11:50 AM, Kim Alvefur wrote:
>> Or act as if the client sent <foobar/>. Ie error and (maybe?) close the
>> stream.
>
> Well, <foobar/> would result in the <unsupported-stanza-type/>
> condition. Here the <auth/> element is acceptable in general, but not at
> this point in the stream. For stanza errors we have a condition of
> <unexpected-request/> but we don't have that for stream errors. If we
> did, that's what I'd recommend sending. (Although does this really
> warrant closing the stream?)
>

There is also <policy-violation/>, if <not-authorized/> seems odd. And I think I would consider a subsequent attempt to authenticate worthy of closing the stream. It's a re-authorization request, which could very well mean some form of hijacking has taken place.

- m&m

<http://goo.gl/voEzk>
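
The handling discussed in this thread, sketched as an added example (not code from any participant or from any XMPP server): a second <auth/> on an already authenticated stream gets <policy-violation/> and the stream is closed, while <foobar/> gets <unsupported-stanza-type/>. The names Session, handle and stream_error are hypothetical, each element is assumed to arrive as a complete XML fragment, and credential checking is assumed to succeed on the first <auth/>.

```python
import xml.etree.ElementTree as ET

SASL_NS = "urn:ietf:params:xml:ns:xmpp-sasl"
STREAMS_NS = "urn:ietf:params:xml:ns:xmpp-streams"
STANZAS = {"message", "presence", "iq"}


def stream_error(condition):
    """Stream error followed by the closing stream tag."""
    return (f"<stream:error><{condition} xmlns='{STREAMS_NS}'/>"
            "</stream:error></stream:stream>")


class Session:  # hypothetical name, not from any server code base
    def __init__(self):
        self.authenticated = False
        self.closed = False
        self.events = []  # security-relevant events for the operator

    def _fail(self, condition, note):
        # Record why the stream was torn down, then close it.
        self.closed = True
        self.events.append(note)
        return stream_error(condition)

    def handle(self, xml):
        """Process one first-level child of the stream; return the reply."""
        if self.closed:
            return None
        el = ET.fromstring(xml)
        if el.tag.startswith("{"):
            ns, name = el.tag[1:].split("}", 1)
        else:
            ns, name = "", el.tag
        if ns == SASL_NS and name == "auth":
            if self.authenticated:
                # Valid element, wrong point in the stream: possible hijack.
                return self._fail("policy-violation",
                                  "re-auth on authenticated stream")
            # Assumption: credential checking is out of scope here.
            self.authenticated = True
            return f"<success xmlns='{SASL_NS}'/>"
        if ns == "jabber:client" and name in STANZAS:
            if not self.authenticated:
                return self._fail("not-authorized",
                                  "stanza before authentication")
            return None  # would be routed normally
        return self._fail("unsupported-stanza-type",
                          f"unknown element <{name}/>")
```
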