[asterisk-dev] [Code Review] New application JabberReceive, implement SendText in chan_gtalk and chan_jingle

Tzafrir Cohen tzafrir.cohen at xorcom.com
Mon Dec 15 10:46:21 CST 2008


On Mon, Dec 15, 2008 at 03:58:09PM +0000, Julian Lyndon-Smith wrote:
> Tzafrir Cohen wrote:
> > On Mon, Dec 15, 2008 at 02:00:02PM +0000, Julian Lyndon-Smith wrote:
> >   
> >> [/me adds to the burden]
> >>
> >> Would anyone consider using the jabber receive as a source for AMI 
> >> commands as well ?
> >>     
> >
> > Who actually authenticates the user in this case? How difficult would it
> > be for me to sneak in a message pretending to be from someone else? Who
> > do I trust?
> >   
> 
> I would have thought that (just like the ami manager) you would have a 
> list of JID's that are allowed to use the appropriate AMI commands.

So regarding my questions:

| Who actually authenticates the user in this case? 

Remote XMPP servers authenticating the users (what about those relaying
the messages?)

| How difficult would it be for me to sneak in a message pretending to 
| be from someone else? 

I have no idea. I guess each server basically trusts all of its peers.
But I'm not familiar with how XMPP networks actually work.

| Who do I trust?

All the XMPP servers in that specific XMPP network? Or is it just a
specific one assigned that domain (by whom?)


And I guess that a more practical question would be: is authentication
by JID already in use anywhere for anything that is non-trivial?

-- 
               Tzafrir Cohen
icq#16849755              jabber:tzafrir.cohen at xorcom.com
+972-50-7952406           mailto:tzafrir.cohen at xorcom.com
http://www.xorcom.com  iax:guest at local.xorcom.com/tzafrir



More information about the asterisk-dev mailing list