[Standards] Proposed XMPP Extension: Best Practices to Discourage Denial of Service Attacks Against XMPP Servers
stpeter at jabber.org
Mon Jan 29 22:41:10 UTC 2007
Stephan Maka wrote:
> Section 4.5 Stanza Size
> In example 2 the server responds with a stanza including all children.
> Because the client has already exceeded the stanza size, the server
> should reduce bandwidth usage by only including the <error/> child.
Well, stanza size restrictions apply to what the client sends, not what
the server sends. But it's a good idea for the server not to include the
payload in a case like that.
> Example 3 looks like the right answer to an open element with megabytes
> of text. It should be hinted that this DoS protection should occur at
> the XML parser level.
Agreed. There are no hard and fast rules for when to send a stanza error
and when to send a stream error, but sometimes the server needs to
> Is there already some kind of negotiation of stanza sizes, preventing
> users from just pasting a 1M document inside their clients?
XMPP Standards Foundation
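
Added example, not part of the original message or of the proposal under discussion: one way to enforce a stanza size limit at the XML parser level, so that an element left open with megabytes of text is rejected while it is still arriving. The class and function names and the 65536-byte default are assumptions made for illustration.

```python
import xml.parsers.expat

class StanzaTooLarge(Exception):
    """Signals that the caller should stop reading and close the stream."""

class StanzaSizeGuard:
    def __init__(self, max_stanza_bytes=65536):  # assumed limit, not from the thread
        self.limit = max_stanza_bytes
        self.depth = 0        # 1 = inside the stream root, >= 2 = inside a stanza
        self.fed = 0          # total bytes handed to the parser so far
        self.start = None     # byte offset where the current stanza began
        self.completed = 0    # stanzas accepted so far
        self.parser = xml.parsers.expat.ParserCreate()
        self.parser.StartElementHandler = self._on_start
        self.parser.EndElementHandler = self._on_end

    def _on_start(self, name, attrs):
        self.depth += 1
        if self.depth == 2:   # direct child of the stream root: a new stanza
            self.start = self.parser.CurrentByteIndex

    def _on_end(self, name):
        self.depth -= 1
        if self.depth == 1:   # stanza closed: catch one that arrived in a single read
            self._check(self.parser.CurrentByteIndex)
            self.start = None
            self.completed += 1

    def _check(self, position):
        if self.start is not None and position - self.start > self.limit:
            raise StanzaTooLarge(f"stanza exceeds {self.limit} bytes")

    def feed(self, chunk):
        """Parse one network read; raises before an open stanza can grow unbounded."""
        self.fed += len(chunk)
        self.parser.Parse(chunk, False)
        self._check(self.fed)  # still inside a stanza: count bytes received so far


def first_rejected_chunk(guard, chunks):
    """Feed chunks in order; return the index that tripped the limit, or None."""
    for index, chunk in enumerate(chunks):
        try:
            guard.feed(chunk)
        except StanzaTooLarge:
            return index
    return None
```

Because the count is taken per read rather than per completed stanza, memory use stays bounded by the limit plus one read buffer.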