[standards-jig] JEP-0025 "Jabber HTTP Polling": security

M.Kiesel maqi at exmail.de
Mon Apr 29 23:08:29 UTC 2002


On Mon, 29 Apr 2002, Thomas Parslow (PatRat) wrote:

> I'm not at all experienced with security stuff so there's probably
> something I'm missing but how about sending a hash of a randomly
> generated key with each request along with the key from the previous
> request (not hashed)?

That is a special case of the suggested protocol (don't hash 100 times but
only one time). It's a bit easier to implement but needs more bandwidth
which may be critical with a protocol that polls ~ once a second.

BTW that's a reason to leave out the cookie also and perhaps use base64
encoding for the hash (not hex encoding) which again saves some bytes.

Regards
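
An added example, not part of the original message or of the JEP text: the key-sequence check with n hashes next to the hash-once variant from the quoted proposal, plus the per-poll byte cost of hex versus base64. SHA-1, the class and function names, and the assumption that a clear-text key is as long as an encoded hash are all choices made for this illustration.

```python
import base64, hashlib, hmac

def h(value: bytes) -> bytes:
    # Assumption: SHA-1, base64-encoded; the message does not name the hash.
    return base64.b64encode(hashlib.sha1(value).digest())

def make_chain(seed: bytes, n: int) -> list:
    """Hash the seed n times; return the keys in the order they are sent."""
    chain = [seed]
    for _ in range(n):
        chain.append(h(chain[-1]))
    return chain[::-1]  # most-hashed key first, seed last

class ChainServer:
    """n-times scheme: one key per request, checked against the last one."""
    def __init__(self, first_key: bytes):
        self.last = first_key
    def accept(self, key: bytes) -> bool:
        if not hmac.compare_digest(h(key), self.last):
            return False  # replayed, forged or out-of-order key
        self.last = key
        return True

class PairServer:
    """Hash-once variant: each request carries the previous key in the
    clear plus the hash of a fresh key, so two values travel per poll."""
    def __init__(self, first_commit: bytes):
        self.commit = first_commit
    def accept(self, key: bytes, next_commit: bytes) -> bool:
        if not hmac.compare_digest(h(key), self.commit):
            return False
        self.commit = next_commit
        return True

def per_request_bytes() -> dict:
    """Key material sent per poll under each scheme and encoding."""
    b64 = len(h(b"constructed sample key"))
    hexlen = len(hashlib.sha1(b"constructed sample key").hexdigest())
    return {"chain_b64": b64, "chain_hex": hexlen,
            "pair_b64": 2 * b64, "pair_hex": 2 * hexlen}

if __name__ == "__main__":
    chain = make_chain(b"constructed-seed", 100)
    server = ChainServer(chain[0])
    print(all(server.accept(k) for k in chain[1:]), server.accept(chain[5]))
    print(per_request_bytes())
```
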



