Talk:Certified HTTP

From Second Life Wiki
Jump to navigation Jump to search

X-Message-ID

How about replacing the $random_uuid with an MD5 (or stronger) digest of the message body? That would eliminate the undefined result of sending a message with the same message id but a a different body. (Undefined results can be opportunities for exploits.) --Omei Turnbull 20:21, 10 July 2007 (PDT)

That wouldn't solve the problem, you would still be sending a message with the same message id if you sent two identical messages bodies. You would be guarantying a collision. It is really only an issue if two messages of the same ID are being processed at the same time. I think using $random_uuid is reasonable and in the event of a Message-ID collision or malformed Message-ID have the server return a 412. -- Strife Onizuka 00:01, 11 July 2007 (PDT)
Retrieved from "https://wiki.secondlife.com/w/index.php?title=Talk:Certified_HTTP&oldid=25275"