Closed daniele-athome closed 8 years ago
The <delay/> element could be used to forge sent timestamp. If not done yet by Tigase, ensure that the <delay/> element is stripped for incoming messages from clients.
<delay/>
https://projects.tigase.org/boards/4/topics/6274
Dropping this in favour of a more secure management based on cryptography (that is, signature timestamp).
The
<delay/>
element could be used to forge sent timestamp. If not done yet by Tigase, ensure that the<delay/>
element is stripped for incoming messages from clients.https://projects.tigase.org/boards/4/topics/6274