On Sat, Feb 1, 2014 at 11:20 AM, Alexander Holler <[email protected]> wrote: > Thijs Alkemade didn't wrote that an already broken server is necessary to > explore or do something malicious with "delaying" replies or whatever.
An already broken server is NOT necessary. The IQ from malicious user to target user might look like this: <iq to="[email protected]/Resource" id="someid123" type="result"> <query xmlns="jabber:iq:roster"> <item jid="[email protected]" subscription="both" /> </query> </iq> _______________________________________________ JDev mailing list Info: http://mail.jabber.org/mailman/listinfo/jdev Unsubscribe: [email protected] _______________________________________________
