[standards-jig] JEP-0025 "Jabber HTTP Polling": security
maqi at exmail.de
Mon Apr 29 23:08:29 UTC 2002
On Mon, 29 Apr 2002, Thomas Parslow (PatRat) wrote:
> I'm not at all experienced with security stuff so there's probably
> something I'm missing but how about sending a hash of a randomly
> generated key with each request along with the key from the previous
> request (not hashed)?
That is a special case of the suggested protocol (don't hash 100 times but
only one time). It's a bit easier to implement but needs more bandwidth
which may be critical with a protocol that polls ~ once a second.
BTW that's a reason to leave out the cookie as well and perhaps use base64
encoding for the hash (not hex encoding) which again saves some bytes.
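
The trade-off discussed in this message, as an added example that is not part of the original mail or of the JEP: both schemes run against the same server-side check, with the bytes each request has to carry in hex and in base64. SHA-1, 20-byte random keys and all function and class names are assumptions made for the illustration.

```python
import base64, hashlib, hmac, os

def h(data):
    # Assumption: SHA-1 (20-byte digest); the mail does not name the hash.
    return hashlib.sha1(data).digest()

class Server:
    """Stores one commitment and accepts a key only if H(key) matches it."""
    def __init__(self, commitment):
        self.expected = commitment

    def accept(self, key, next_commitment=None):
        if not hmac.compare_digest(h(key), self.expected):
            return False  # wrong, guessed or replayed key; state unchanged
        # Chain: the revealed key is itself the next commitment.
        # Single-hash variant: the client has to send a fresh one.
        self.expected = key if next_commitment is None else next_commitment
        return True

def run_chain(requests, n=100):
    """Hash the seed n times up front, then reveal one preimage per request."""
    chain = [os.urandom(20)]
    for _ in range(n):
        chain.append(h(chain[-1]))
    server = Server(chain.pop())  # K_n is handed over when the session starts
    sent, ok = [], True
    for _ in range(requests):     # requests must not exceed n
        key = chain.pop()
        ok &= server.accept(key)
        sent.append([key])
    replay_rejected = not server.accept(sent[0][0])
    return ok, replay_rejected, sent

def run_single(requests):
    """Variant from the quoted mail: previous key plus hash of a new key."""
    key = os.urandom(20)
    server = Server(h(key))
    sent, ok = [], True
    for _ in range(requests):
        new_key = os.urandom(20)
        ok &= server.accept(key, h(new_key))
        sent.append([key, h(new_key)])
        key = new_key
    replay_rejected = not server.accept(sent[0][0], sent[0][1])
    return ok, replay_rejected, sent

def bytes_per_request(sent, encoding):
    enc = {"hex": base64.b16encode, "base64": base64.b64encode}[encoding]
    return sum(len(enc(value)) for value in sent[-1])
```

With these assumptions the chain costs one encoded value per poll and the single-hash variant costs two, and base64 shortens each 20-byte value from 40 to 28 characters.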