[JDEV] Jabber HTTP Polling (JEP-0025)

Matthias Wimmer m at tthias.net
Thu Jan 23 09:52:45 CST 2003

Hi Wojciech!

Wojciech Dec wrote:

>What is the state of JEP-0025?  Is it free of security problem now?
>I mean this one of: sniff session ID - change password.  Is it solved
>by update to version 0.2 (2002-09-23)?
>Do JabberPollingServlet and JabberApplet implement the newest JEP-0025
I have adapted the JabberPollingServlet to be compatible with Clients 
that use version 0.2 of JEP-0025. But as it does not (yet?) support full 
version 0.2 (it doesn't bounce messages that weren't polled by the 
client if the client stopps polling) I havn't released this version.
I havn't implemented message bouncing to the Servlet, because I am 
unsure if it is the right place to do this. It would be much better to 
support this feature by a server component - but with the server 
component again it is a problem to deliver a Java-Applet on the same IP 
and port (you would have to implement a mini http server). Maybe I will 
write a combined version with a server extension and a module to apache 
that forwards polling requests to this server component. But nothing is 
sure yet.

Tot kijk

Fon: +49-(0)70 0770 07770       http://matthias-wimmer.de/
Fax: +49-(0)89-312 88 654       jabber://mawis@charente.de
HAM: DB1MW   OpenPGP: http://matthias-wimmer.de/encryption

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 250 bytes
Desc: not available
URL: <http://mail.jabber.org/pipermail/jdev/attachments/20030123/a9865c1a/attachment-0002.pgp>

More information about the JDev mailing list