Project

General

Profile

Getting sender from Component packet

Matt Morten
Added over 4 years ago

Hi,

I've extended AbstractMessageReceiver and overridden processPacket(Packet). I want to get the user who sent the message. If I use packet.getFrom() or packet.getPacketFrom() it returns me "sess-man@myhost.com". I am forced to use packet.getStanzaFrom() to get the correct JID.

However, I'm concerned this is a security risk - could a user fake communication from another by simply spoofing their from="" in the packet? If so, is there a better way of getting the sender?

Thanks


Replies (2)

Added by kevin zhou over 4 years ago

StanzaFrom will be overrode by session manager with current user's jid in session, So there isn't security risk.

Avatar?id=6023&size=32x32

Added by Artur Hefczyc TigaseTeam over 4 years ago

Yes, Kevin is correct. The XMPP spec requires that the server checks of the stanza from address is correct and valid for the user who sent the XMPP stanza. Tigase abides the spec requirement, therefore if there is stanzaFrom you can trust it is correct.

    (1-2/2)