In order to communicate between instances of Totally, we'll be using the Jabber protocol. It's XML based, which is great. It also offers an SSL mode of connecting to a Jabber server, so for me, that's a good thing.
And because session ID's and digital certificates will only be known to the communicating copies of Totally, it'll make it hard for a cracker to connect to a running instance of Totally using some Jabber client. They'd have to work very hard in order to fake a connection - and what will they get even if they do? A whole stream of 128bit cryptographically secure data.
I think we're safe - but I've been wrong before.
No comments:
Post a Comment