[asterisk-dev] [Code Review] New application JabberReceive, implement SendText in chan_gtalk and chan_jingle
Tzafrir Cohen
tzafrir.cohen at xorcom.com
Mon Dec 15 10:46:21 CST 2008
On Mon, Dec 15, 2008 at 03:58:09PM +0000, Julian Lyndon-Smith wrote:
> Tzafrir Cohen wrote:
> > On Mon, Dec 15, 2008 at 02:00:02PM +0000, Julian Lyndon-Smith wrote:
> >
> >> [/me adds to the burden]
> >>
> >> Would anyone consider using the jabber receive as a source for AMI
> >> commands as well ?
> >>
> >
> > Who actually authenticates the user in this case? How difficult would it
> > be for me to sneak in a message pretending to be from someone else? Who
> > do I trust?
> >
>
> I would have thought that (just like the ami manager) you would have a
> list of JID's that are allowed to use the appropriate AMI commands.
So regarding my questions:
| Who actually authenticates the user in this case?
Remote XMPP servers authenticating the users (what about those relaying
the messages?)
| How difficult would it be for me to sneak in a message pretending to
| be from someone else?
I have no idea. I guess each server basically trusts all of its peers.
But I'm not familiar with how XMPP networks actually work.
| Who do I trust?
All the XMPP servers in that specific XMPP network? Or is it just a
specific one assigned that domain (by whom?)
And I guess that a more practical question would be: is authentication
by JID already in use anywhere for anything that is non-trivial?
--
Tzafrir Cohen
icq#16849755 jabber:tzafrir.cohen at xorcom.com
+972-50-7952406 mailto:tzafrir.cohen at xorcom.com
http://www.xorcom.com iax:guest at local.xorcom.com/tzafrir
More information about the asterisk-dev
mailing list