* Dave Cridland <[email protected]> [2014-05-07 23:05]: > It's probably worth noting, yes. The solution is to request an > acknowledgement, and if one isn't forthcoming, to ditch the connection, of > course.
It is not that easy, unfortunately. If the client is currently disconnected, the ultimate purpose of the stanza queue is to cache stanzas until the client reconnects. If you ditch the connection, you undermine the purpose of the XEP. It is wise to have a timeout mechanism for the client not responding to ack requests. However, the session should be kept for a defined time after that, to allow for a reconnection. IMHO, there should be a stanza limit per session/per JID, however once the limit is reached, new stanzas for that client should be rejected with an error without terminating the connection. If you do terminate the connection, you make the process susceptible to DoS attacks against clients on slow connections (or currently in the process of reconnecting). Georg -- || http://op-co.de ++ GCS d--(++) s: a C+++ UL+++ !P L+++ !E W+++ N ++ || gpg: 0x962FD2DE || o? K- w---() O M V? PS+ PE-- Y++ PGP+ t+ 5 R+ || || Ge0rG: euIRCnet || X(+++) tv+ b+(++) DI+++ D- G e++++ h- r++ y? || ++ IRCnet OFTC OPN ||_________________________________________________||
signature.asc
Description: Digital signature
