[Standards] Proposed XMPP Extension: Best Practices to Discourage Denial of Service Attacks Against XMPP Servers
stephan at spaceboyz.net
Mon Jan 29 20:58:52 UTC 2007
Section 4.5 Stanza Size
In example 2 the server responds with a stanza including all children.
Because the client has already exceeded the stanza size, the server
should reduce bandwidth usage by only including the <error/> child.
Example 3 looks like the right answer to an open element with megabytes
of text. It should be hinted that this DoS protection should occur at
the XML parser level.
Is there already some kind of negotiation of stanza sizes, preventing
users from just pasting a 1M document inside their clients?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: not available
More information about the Standards