Hi Amit,
On Thu Jun 7 2007, Amit Fein wrote:
> 1. We found a security breach bug, in which the user's password is
> displayed in plain text in the log - here is the relevant line from our
> log -
I'm not convinced that this should be changed.
For one, the debug log should contain exactly what goes over the wire.
Further, non-SASL auth is deprecated and shouldn't be used anyway. Also, in
non-SASL auth, error replies coming in from the server may contain the
password as well.
By the way, XEP-0077 (In-Band Registration) is another case where the log may
contain clear text passwords.
> 2. We encounter problems when trying to send files (XEP-0096) - we
> keep getting error code 503 (service unavailable).
> We tried to play with the relevant definitions in the server,
> but that didn't help.
> We changed our file-transfer request to be exactly the same as
> the request other clients send (e.g., Spark), and that didn't help
> either.
> We even tried using your example (ft_send.cpp), but we got the
> same result.
I need more info here, logs etc.
cheers,
Jakob
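Added example, not part of the original message and not gloox code: because the debug log mirrors the wire, a log can be scrubbed before it is posted to a list or bug tracker. This C++ filter masks `<password>` bodies from non-SASL auth, XEP-0077 registration and echoed error replies; it also covers SASL PLAIN, which goes beyond the cases named in the thread. The names `Scrubbed` and `scrub_xmpp_log_line` and the sample stanzas are constructed for illustration.

```cpp
#include <iostream>
#include <iterator>
#include <regex>
#include <string>

// Added example: scrub_xmpp_log_line and Scrubbed are hypothetical names,
// not part of gloox. Input is one logged stanza per line.
struct Scrubbed {
    std::string text;  // log line with secrets masked
    int hits;          // number of elements that were masked
};

Scrubbed scrub_xmpp_log_line(const std::string& line) {
    // Group 1 = opening tag, group 2 = closing tag; the body between is dropped.
    static const std::regex kSecrets[] = {
        // <password> in jabber:iq:auth and jabber:iq:register, including the
        // copy a server echoes back inside an <iq type='error'> reply.
        std::regex(R"re((<password(?:\s[^>]*)?>)[^<]*(</password>))re"),
        // SASL PLAIN: the body is base64 of "\0user\0password", trivially decoded.
        std::regex(R"re((<auth\s[^>]*mechanism=['"]PLAIN['"][^>]*>)[^<]*(</auth>))re"),
    };
    Scrubbed r{line, 0};
    for (const auto& re : kSecrets) {
        std::sregex_iterator first(r.text.begin(), r.text.end(), re), last;
        r.hits += static_cast<int>(std::distance(first, last));
        r.text = std::regex_replace(r.text, re, "$1[REDACTED]$2");
    }
    return r;
}

int main() {
    // Constructed sample log lines, not taken from the thread.
    const char* samples[] = {
        "<iq type='set' id='a1'><query xmlns='jabber:iq:auth'><username>juliet</username>"
        "<password>s3cr3t</password><resource>balcony</resource></query></iq>",
        "<iq type='error' id='a1'><query xmlns='jabber:iq:auth'><username>juliet</username>"
        "<password>s3cr3t</password></query><error code='401' type='auth'/></iq>",
        "<auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl' mechanism='PLAIN'>AGp1bGlldABzM2NyM3Q=</auth>",
        "<message to='romeo@example.net'><body>my password hint is on the fridge</body></message>",
    };
    for (const char* s : samples) {
        Scrubbed r = scrub_xmpp_log_line(s);
        std::cout << r.hits << " masked: " << r.text << "\n";
    }
    return 0;
}
```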