[Members] Jabber Software Map

Hal Rottenberg halr9000 at gmail.com
Fri Dec 2 09:23:47 CST 2005


On 12/2/05, Nolan Eakins <sneakin at semanticgap.com> wrote:
> Jesus Cea wrote:
> > Ulrich Staudinger wrote:
> >
> >>You don't mean that seriously, do you? If I would always have to reply to
> >>a message when I want to log in at a website, I would have a look once and
> >>never return!
> >
> >
> > Cookies could be useful here, then. Only send the IM to the user if
> > his/her browser doesn't give an appropriate cookie.
> >
>
> Ok, that doesn't sound safe at all. XSS is ringing in my ears with that one.

I still like the idea of having a web form input causing a token to be
sent to your JID.

Enter your JID: bob at bob.com <submit>
---
"Hi, please click on this link to continue:
http://software.jabber.org/cp/randomtokenstringhere"
---

How can we make this work without introducing vulnerabilities?

--
Psi webmaster (http://psi-im.org)
im:hal at jabber.rocks.cc
http://halr9000.com
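
The token-link flow sketched in the message above, as an added example that is not part of the original post or of any jabber.org code: the token is unguessable, stored only as a hash, valid once, and expires. The class name, the 10-minute lifetime and the in-memory store are assumptions; sending the link to the JID over XMPP is left to the caller.

```python
import hashlib
import secrets
import time

TOKEN_TTL_SECONDS = 600  # assumed validity window, not from the post


class LoginTokenStore:
    """In-memory store of pending login tokens (hypothetical helper)."""

    def __init__(self, clock=time.time):
        self._pending = {}  # sha256(token) -> (jid, expiry timestamp)
        self._clock = clock

    @staticmethod
    def _digest(token):
        # Only the hash is kept, so a leaked store does not yield usable links.
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue(self, jid):
        """Create a token for `jid`; the caller sends the link to that JID."""
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        expiry = self._clock() + TOKEN_TTL_SECONDS
        self._pending[self._digest(token)] = (jid, expiry)
        return token

    def redeem(self, token):
        """Return the JID the token was issued for, or None if invalid."""
        # pop() makes the token single use, even when it turns out expired.
        entry = self._pending.pop(self._digest(token), None)
        if entry is None:
            return None
        jid, expiry = entry
        if self._clock() > expiry:
            return None
        return jid


def login_link(token, base="http://software.jabber.org/cp/"):
    """Build the link that goes into the message sent to the JID."""
    return base + token
```

The session that results from a successful `redeem()` should be tied to the returned JID only, never to a JID taken from the request itself.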

