On Thu, 8 Jan 2004 09:49:38 -0700, David Waite <[EMAIL PROTECTED]> wrote:...
This is why most public services now use web sites for registration rather than having it in-protocol, and add things like word entry and email address verification.
But why would a webbased DDOS attack be harder than an all client based one? It shouldn't be that hard to automate the posting of some forms!
HTTP/HTML is flexible enough to support challenge/response from an application server, most often in the form of a graphic depicting human readable text. AFAIK, the XMPP clients don't support this. If they did, XMPP client registration would probably be good enough for most.
Another reason for HTTP/HTML registration, is the need of sites to gather additional information, of a nature that may not fit into XMPPs framework.
However, as Jabber evolves further, there will soon enough be a point -for some people- that you don't really need an email address anymore (at most an SMTP <-> Jabber gateway). Should you be required to have an email address just so you can register a Jabber account?
Challenge response should be good enough, such that an email address is not necessary.
Thanks,
Mike
_______________________________________________ jdev mailing list [EMAIL PROTECTED] http://mailman.jabber.org/listinfo/jdev
