Michal 'vorner' Vaner wrote: > Hello > > On Fri, Jun 22, 2007 at 03:07:05PM -0600, Peter Saint-Andre wrote: >> Currently, the XML schema for the jabber:iq:roster namespace does not >> limit the length of an item name or a group name. I think that might >> cause problems. In particular I think it might be good to specify that: >> >> 1. The 'name' attribute can be a string between 0 and 1023 characters in >> length. [1] >> >> 2. The XML character data of the <group/> element can be a string >> between 1 and 1023 characters in length. >> >> Objections? > > I see one possible problem. If you leave the length infinite, everyone > counts with it as with infinite. If you set the length to N characters, > this may happen: > > • Someone says "no more than N will come" and may get a buffer > overflow/whatever. > > • Someone checks it is short enough to fit into a buffer, but uses N > bytes instead of characters. > > What was the problem with infinite length? (Especially, when we do not > know how much memory it can take anyway).
Typically, both the handle (i.e., the value of the 'name' attribute) and the group name are stored in a database. If you can put the complete text of RFC 3920 as the handle and the complete text of RFC 3921 as the group name, then those values probably can't be stored as sent. Also if these strings can be of infinite length then the packets may become too big to process in the server (10 Meg roster set, anyone?). It seems reasonable to limit the sizes. I doubt that anyone will ever set handles or group names to be even 1024 characters in length, but at least that limit will enable client and server developers to handle the roster items and make sure that roster sets and pushes can be processed. Peter -- Peter Saint-Andre XMPP Standards Foundation http://www.xmpp.org/xsf/people/stpeter.shtml
smime.p7s
Description: S/MIME Cryptographic Signature