[2] [standards-jig] Security problems with JEP-115

milk miruku at bonbon.net
Mon Sep 22 02:24:17 UTC 2003


Justin Karneges <justin-jdev at affinix.com> wrote on 21/09/2003 23:44:37:

>you wouldn't query any of these users again until 
>they upgrade and/or change clients.

how would your client (or you yourself) know they had upgraded/changed clients?

anyway, might it not just be easier to handle client version discovery in the same manner as an offline user last query; would it be possible for the target's server to 
automatically reply with the version information the target's client provided on login (highest prioroty or last active resource i'd assume?).





More information about the Standards mailing list