On Wed, Feb 27, 2013 at 9:07 PM, Maxthon Chan <[email protected]> wrote:
> 1) If the user is connecting to the DO/DN-based iMessage-clone server over > SSL, I think that we can assume that the user thinks that the data from > that particular server is trustable. Let alone on an iMessage clone, the > resulting data will be a plain NSString (or if you fancy, an > NSAttributedString) to be displayed. > That's a really bad practice. You should never trust anything outside your box. It's even the worst with your case, because the server is even opening DO port for any client. > > 2) And if we have the iMessage clone, I think the chat issue will be > solved. > > 在 2013-2-27,下午10:01,David Chisnall <[email protected]> 写道: > > > On 27 Feb 2013, at 13:53, Maxthon Chan <[email protected]> wrote: > > > >> Well then can we envelope DO in something that is secure enough, like > SSL or SSH tunnel? > > > > That would have no effect. The problem is taking DO messages from an > untrusted source, running them through a parser that was written for speed > (not security) and then firing the resulting messages. > > > >> As what I know, Apple's Push Notifications are DO over SSL and iMessage > works on that. > > > > No they aren't. They are nothing like DO, they are similar to > Distributed Notifications, which are not the same thing at all, and are > only vaguely similar to that. > > > >> If there is any way to do that using GNUstep and Étoilé, we can just > make an iMessage clone and enhance it with stuff like groups and friend > permissions. > > > > There is an example in my first Cocoa book using distributed > notifications to implement a simple chat client, but I wouldn't recommend > it for anything that has untrusted users (i.e. anything on the Internet). > > > >> Can GNUstep's NSSocketPort make use of SSL? > > > > Yes. > > > > David > > > > -- > > This email complies with ISO 3103 > > > > > > _______________________________________________ > > Etoile-discuss mailing list > > [email protected] > > https://mail.gna.org/listinfo/etoile-discuss > > > _______________________________________________ > Etoile-discuss mailing list > [email protected] > https://mail.gna.org/listinfo/etoile-discuss > -- I used to be a GNUstep developer like them, then I took an arrow in the knee...
_______________________________________________ Etoile-discuss mailing list [email protected] https://mail.gna.org/listinfo/etoile-discuss
