[Standards] Re: [jdev] XEP-0115: Entity Capabilities
Richard Dobson
richard at dobson-i.net
Wed Jun 27 04:36:27 CDT 2007
Personally I think the easiest solution to the percieved "security"
issue (personally im not conviced you can really call it a true security
issue) is if you are going to create a long lived cache (i.e. on disk or
such like) that before you decide on your definative value to cache
generically (i.e. client/ver) that you use the results from several
different JIDs (e.g. 3 or 5 or something) and compare them, if they are
all the same it should be pretty safe to create a generic cache for that
tuple of client and version, if they dont all agree then you can then
consider those results and potensially poisoned or buggy and cache using
the jid/client/version tuple instead, simple and easy, no need to get
all het up about it.
Richard
More information about the Standards
mailing list