[jdev] XML Namespaces validation

Sergey Dobrov binary at jrudevels.org
Sun Apr 17 11:15:30 UTC 2011

On 04/15/2011 04:14 AM, Tomasz Sterna wrote:
> Dnia 2011-04-15, pią o godzinie 03:34 +0700, Sergey Dobrov pisze:
>>> This has been known for quite some time:
>>>     https://support.process-one.net/browse/EJAB-680
>>> I remember someone saying that not all servers are going to
>> implement
>>> such checks as it could hurt performance.
>> Thanks for the link. I see that bug is with low priority and I
>> understand that this check will be high cost performance. But I have
>> no idea how to prevent possible DoS attack to my services. 
> Server accepting an invalid stream and happily routing it is low
> priority???
> This is some strange prioritization...
> This shouldn't be your component job to check whether your server is
> sending invalid XML. The server should drop the offending stream in the
> first place.
> You can always switch your XMPP server to one in which XML parsing does
> not "hurt performance". ;-)
I don't see good alternatives for ejabberd. I need good Pubsub/PEP
support, message archiving and other main features to be implemented and
server should have good scalability.

With best regards,
Sergey Dobrov,
XMPP Developer and JRuDevels.org founder.

More information about the JDev mailing list