[jdev] XML Namespaces validation

Tomasz Sterna tomek at xiaoka.com
Thu Apr 14 21:14:36 UTC 2011

Dnia 2011-04-15, pią o godzinie 03:34 +0700, Sergey Dobrov pisze:
> > This has been known for quite some time:
> >     https://support.process-one.net/browse/EJAB-680
> > 
> > I remember someone saying that not all servers are going to
> implement
> > such checks as it could hurt performance.
> > 
> Thanks for the link. I see that bug is with low priority and I
> understand that this check will be high cost performance. But I have
> no idea how to prevent possible DoS attack to my services. 

Server accepting an invalid stream and happily routing it is low
This is some strange prioritization...

This shouldn't be your component job to check whether your server is
sending invalid XML. The server should drop the offending stream in the
first place.

You can always switch your XMPP server to one in which XML parsing does
not "hurt performance". ;-)

Tomasz Sterna
Instant Messaging Consultant : Open Source Developer
http://tomasz.sterna.tv/  http://www.xiaoka.com/

More information about the JDev mailing list