[Operators] [Fwd: [ejabberd] Your server is a part of spammer/flood botnet!]
sean at duke.edu
Mon May 5 08:48:38 CDT 2008
Peter Saint-Andre wrote:
> On 05/05/2008 2:26 AM, Tomasz Sterna wrote:
>> Dnia 2008-05-04, nie o godzinie 22:09 -0600, Peter Saint-Andre pisze:
>>> However, that doesn't give you a real workflow. For most EBIA (email
>>> based identification and authentication) systems you visit the
>>> receive an email with a token, and visit the website again, at which
>>> time you provide the token. Right now we don't have a way to do that
>>> XEP-0077, but we might be able to do it with some combination of XEPs
>>> 77, 158, and 235.
>> Or go wacko and define something like HTML over XMPP and let the people
>> code the workflows anyhow they wish. :-)
> Right. But the XMPP server will probably time you out if you maintain an
> open connection that long without completing the registration process
> (because there may a denial of service attack that's possible if you
> flood the server with registration attempts).
Unfortunately, my experience has shown that that is *not* the case with
ejabberd 1.1.4. It will gladly allow you to maintain as many unauthed
connections as you want, for as long as you want.
More information about the Operators