[JDEV] Re: jabber; what would you like to see?

Richard Dobson richard at dobson-i.net
Thu Sep 25 05:29:41 CDT 2003

> What I picture is that one could have a scripting languague within the
> packets, for example:
> <iq type="get">
> <query xmlns="bla bla">
> <script>
> @users=fetchroster(1,2,3);
> for ($i=0; $i<$@#users) {
>    echo "<message to=@user[$i]> In my new roster bla bla ";
> }
> createrostergroup(@users, "newrostergroup");
> return @users;
> </script>
> </query>
> </iq>

Sorry but to me anyone doing something like this should be shot, having
scripting send inside packets to be processed by the endpoint like this is a
security hole of an enormous magnetude, and we definately should not be
doing anything like this. This is kind of like word macros, it can have some
benefits but the potential for abuse is massive, it would require all sorts
of extra security stuff to even attempt to secure it. Overall I think the
downsides are far more than the benefit of the convenience, the best thing
is to continue doing what we have been doing and creating protocols for set
purposes. We don't need the flexibility of a scripting system as we already
have the flexibility/extensibility of XML and the jabber protocol to do
things like this without creating massive security holes.


More information about the JDev mailing list