[jdev] XML Namespaces validation
tomek at xiaoka.com
Thu Apr 14 21:14:36 UTC 2011
Dnia 2011-04-15, pią o godzinie 03:34 +0700, Sergey Dobrov pisze:
> > This has been known for quite some time:
> > https://support.process-one.net/browse/EJAB-680
> > I remember someone saying that not all servers are going to
> > such checks as it could hurt performance.
> Thanks for the link. I see that bug is with low priority and I
> understand that this check will be high cost performance. But I have
> no idea how to prevent possible DoS attack to my services.
Server accepting an invalid stream and happily routing it is low
This is some strange prioritization...
This shouldn't be your component job to check whether your server is
sending invalid XML. The server should drop the offending stream in the
You can always switch your XMPP server to one in which XML parsing does
not "hurt performance". ;-)
Instant Messaging Consultant : Open Source Developer
More information about the JDev