[JDEV] Jabber server in Java

Iain Shigeoka iainshigeoka at yahoo.com
Sun Jul 1 13:04:14 CDT 2001

--- Al Sutton <al at alsutton.com> wrote:
> I've started coding a jabber server in Java, It's still in the very
> early
> stages, but I would like to know if anyone else has been working on this
> so
> I can avoid duplicating effort.

I'm working on a mini Jabber server in Java mostly to explore the Jabber
standards and think about compliance (oh boy, if you've been trying a
"cleanroom" style implementation I bet we could create a pretty good
"current protocols are in bad shape" club!).  ;)  I do have thoughts of
creating a parallel version that is targetted at the "enterprise level"
server market so the mini server uses the new java.nio.* stuff from JDK

One of my primary explorations focus on the area of security with Jabber
(my current impression being that things are Not Good(tm)).  For example,
there seems to be a built-in assumption that client's must trust their
server (a situation that seems obviously ripe for exploitation) and that
server's trust each other (a possibly worse assumption).  Pretty much
every man-in-the-middle and packet spoofing attack seems to be effective
against a Jabber server...  I noticed you're signed up for the security
JIG so I'd love to hear your thoughts on this topic and if you've been
thinking/looking at these issues.

Oh, to summarize, I'd love to talk about collaboration.  :)


Do You Yahoo!?
Get personalized email addresses from Yahoo! Mail

More information about the JDev mailing list