On 6/27/07, Richard Dobson <[EMAIL PROTECTED]> wrote:
> Personally I think the easiest solution to the perceived "security" issue (personally I'm not convinced you can really call it a true security

If user1 is able to break my communications with user2 (by fooling my client with incorrect capabilities) without requiring my approval, I would call this a security issue.

> issue) is if you are going to create a long lived cache (i.e. on disk or such like) that before you decide on your definitive value to cache generically (i.e. client/ver) that you use the results from several different JIDs (e.g. 3 or 5 or something) and compare them, if they are

There could be a problem with filling the cache with incorrect information about not-released-yet versions of some client. After the actual release users will be surprised. (Though this issue arises only if the cache is persistent.)

> all the same it should be pretty safe to create a generic cache for that tuple of client and version, if they don't all agree then you can then consider those results as potentially poisoned or buggy and cache using the jid/client/version tuple instead, simple and easy, no need to get all het up about it.

This does not look 'simple and easy'...

Best wishes!
--
Sergei Golovan
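
The quorum scheme proposed in the quoted text, as an added example that is not code from either participant or from any XMPP client: a client/ver entry is shared only after several distinct accounts report identical features, and a disagreement falls back to jid/client/version entries. The class, method names, JIDs and feature strings are hypothetical; note that the quorum accepts whatever its first reporters agree on, which is the unreleased-version case raised in the reply.

```python
from collections import defaultdict


class CapsCache:
    """Capabilities cache that trusts a (client, ver) entry only after a quorum agrees."""

    def __init__(self, quorum=3):  # the post suggests "3 or 5 or something"
        self.quorum = quorum
        self.pending = defaultdict(dict)  # (client, ver) -> {bare JID: features}
        self.generic = {}                 # (client, ver) -> features, shared by all JIDs
        self.per_jid = {}                 # (full JID, client, ver) -> features
        self.disputed = set()             # (client, ver) tuples with conflicting reports

    def record(self, jid, client, ver, features):
        """Store one discovery result reported by `jid` for client/ver."""
        key, feats = (client, ver), frozenset(features)
        self.per_jid[(jid, client, ver)] = feats
        if key in self.disputed:
            return
        # Count accounts, not resources, so one user cannot vote several times.
        self.pending[key][jid.split("/")[0]] = feats
        reports = set(self.pending[key].values())
        if len(reports) > 1:
            # Poisoned or buggy: never share this tuple between JIDs again.
            self.disputed.add(key)
            self.generic.pop(key, None)
        elif len(self.pending[key]) >= self.quorum:
            self.generic[key] = feats

    def lookup(self, jid, client, ver):
        """Return cached features, or None when `jid` must be queried directly."""
        key = (client, ver)
        if key in self.generic:
            return self.generic[key]
        return self.per_jid.get((jid, client, ver))


def demo():
    """Constructed sample data: JIDs, client name and feature sets are made up."""
    good, bad = {"feature:a", "feature:b"}, {"feature:a"}
    cache = CapsCache(quorum=3)
    for jid in ("u1@example.org/home", "u2@example.org/work"):
        cache.record(jid, "exampleclient", "1.0", good)
    before = cache.lookup("u9@example.org/x", "exampleclient", "1.0")
    cache.record("u3@example.org/pda", "exampleclient", "1.0", good)
    after = cache.lookup("u9@example.org/x", "exampleclient", "1.0")
    cache.record("u1@example.org/home", "exampleclient", "2.0", good)
    cache.record("u4@example.org/x", "exampleclient", "2.0", bad)
    split = cache.lookup("u9@example.org/x", "exampleclient", "2.0")
    return before, after, split
```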
