Difference between revisions of "Talk:Certified HTTP"

From Second Life Wiki
Jump to: navigation, search
(New page: ==X-Message-ID== How about replacing the $random_uuid with an MD5 (or stronger) digest of the message body? That would eliminate the undefined result of sending a message with the same m...)
 
(X-Message-ID)
Line 2: Line 2:
  
 
How about replacing the $random_uuid with an MD5 (or stronger) digest of the message body?  That would eliminate the undefined result of sending a message with the same message id but a a different body.  (Undefined results can be opportunities for exploits.) --[[User:Omei Turnbull|Omei Turnbull]] 20:21, 10 July 2007 (PDT)
 
How about replacing the $random_uuid with an MD5 (or stronger) digest of the message body?  That would eliminate the undefined result of sending a message with the same message id but a a different body.  (Undefined results can be opportunities for exploits.) --[[User:Omei Turnbull|Omei Turnbull]] 20:21, 10 July 2007 (PDT)
 +
 +
:That wouldn't solve the problem, you would still be sending a message with the same message id if you sent two identical messages bodies. You would be guarantying a collision. It is really only an issue if two messages of the same ID are being processed at the same time. I think using $random_uuid is reasonable and in the event of a Message-ID collision or malformed Message-ID have the server return a [http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.13 412]. -- [[User:Strife Onizuka|Strife Onizuka]] 00:01, 11 July 2007 (PDT)

Revision as of 00:01, 11 July 2007

X-Message-ID

How about replacing the $random_uuid with an MD5 (or stronger) digest of the message body? That would eliminate the undefined result of sending a message with the same message id but a a different body. (Undefined results can be opportunities for exploits.) --Omei Turnbull 20:21, 10 July 2007 (PDT)

That wouldn't solve the problem, you would still be sending a message with the same message id if you sent two identical messages bodies. You would be guarantying a collision. It is really only an issue if two messages of the same ID are being processed at the same time. I think using $random_uuid is reasonable and in the event of a Message-ID collision or malformed Message-ID have the server return a 412. -- Strife Onizuka 00:01, 11 July 2007 (PDT)