Talk:Certified HTTP

From Second Life Wiki
Revision as of 00:01, 11 July 2007 by Strife Onizuka (Talk | contribs)


X-Message-ID

How about replacing the $random_uuid with an MD5 (or stronger) digest of the message body? That would eliminate the undefined result of sending a message with the same message id but a different body. (Undefined results can be opportunities for exploits.) --Omei Turnbull 20:21, 10 July 2007 (PDT)

That wouldn't solve the problem, you would still be sending a message with the same message id if you sent two identical message bodies. You would be guaranteeing a collision. It is really only an issue if two messages of the same ID are being processed at the same time. I think using $random_uuid is reasonable and in the event of a Message-ID collision or malformed Message-ID have the server return a 412. -- Strife Onizuka 00:01, 11 July 2007 (PDT)
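The trade-off discussed in this thread, as an added example that is not part of either comment and is not Certified HTTP's own code. The `Receiver` class, the `digest_id` helper, the choice to treat a same-ID, same-body resend as a replay, and the use of truncated SHA-256 in place of MD5 are all assumptions made for illustration.

```python
import hashlib
import uuid


def digest_id(body: bytes) -> str:
    """Content-derived message id (hypothetical helper): SHA-256 of the
    body, truncated to 16 bytes and formatted like a UUID."""
    return str(uuid.UUID(bytes=hashlib.sha256(body).digest()[:16]))


class Receiver:
    """Hypothetical receiver that deduplicates on X-Message-ID."""

    def __init__(self):
        self.seen = {}  # canonical message id -> SHA-256 of the first body seen

    def handle(self, message_id, body: bytes):
        # A malformed id is rejected with 412, as suggested in the thread.
        try:
            canonical = str(uuid.UUID(message_id))
        except (ValueError, AttributeError, TypeError):
            return (412, "malformed id")
        digest = hashlib.sha256(body).hexdigest()
        first = self.seen.get(canonical)
        if first is None:
            self.seen[canonical] = digest
            return (200, "processed")
        if first == digest:
            # Assumption: same id and same body is a retry, not a new message.
            return (200, "replay")
        # Same id, different body: make the result defined instead of undefined.
        return (412, "id reused with different body")


if __name__ == "__main__":
    # Constructed sample messages.
    rx = Receiver()
    mid = str(uuid.uuid4())
    print(rx.handle(mid, b"pay 10"))   # first delivery
    print(rx.handle(mid, b"pay 10"))   # retry of the same message
    print(rx.handle(mid, b"pay 99"))   # id reuse with a different body
    # With digest-derived ids, two intentional sends of the same body
    # share one id, so the second is indistinguishable from a retry.
    rx2 = Receiver()
    print(rx2.handle(digest_id(b"pay 10"), b"pay 10"))
    print(rx2.handle(digest_id(b"pay 10"), b"pay 10"))
```

Storing the body digest alongside a random id gives the receiver a defined answer for the mismatched-body case without making identical bodies collide.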