[jdev] Jabber Spoofing on unique server

micky501 at free.fr micky501 at free.fr
Fri Apr 1 01:51:29 CST 2005

> Dialback prevents hostname spoofing. Servers are also required to
> enforce the from address to make sure that it matches the username
> with which the client authenticated.
> > Does someone know how to spoof a JID ?
> Um, we deliberately made that hard to do.

Great !! Another reason for users to prefer Jabber to MSN !!

But I'm working on a subject where I have to proove that we need tokens to
authenticate the users who want to chat with our IM client (based on Jabber).
For this reason, I'm looking for a way to spoof a client ID. Even if it's hard
to do, I would like to know where I can find the description (or the source
code) of the mechanism employed by a Jabber server.


More information about the JDev mailing list