Some questions about XMPP/Jabber capabilities - xmpp

We're in the process of building some functionality on top of an existing Jabber client. I'm wondering if the following is possible:
Adding metadata/custom fields per user such as gender, age
Is it possible to search by the custom fields (for example, get me all females between 20 and 30 who live in Canada)?
Can you get a list of "who's online"
Can you message someone who's not in your friends list?
Does the protocol support file/image transfer ?
thanks in advance.

Yes
This would require support for XEP-0055 with dataforms (I think). I can't say as to whether any server will support this out of the box or some customization might be required.
Only if it supports the appropriate ad-hoc command from XEP-0133.
Yes. You can message any JID.
Yes, pretty much any XMPP client will have this already. There is support for multiple methods of transfer built into the protocol.
In the future, you should limit the scope of your questions or you risk having them closed. Asking multiple questions in one question typically leads to them being closed.
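As an added illustration of the XEP-0055 data-forms search mentioned in the answer (this is example code, not from the question or the answer): the client submits an `<x type='submit'>` form inside `jabber:iq:search` and gets back an `<x type='result'>` with `<reported/>` columns and `<item/>` rows. The `x-gender`, `x-age-min`, `x-age-max` and `x-country` field vars are assumptions standing in for the custom fields a server would have to be configured to offer; a stock server only provides the standard first/last/nick/email fields. The server reply is constructed for the demo.

```python
import xml.etree.ElementTree as ET

NS_SEARCH = "jabber:iq:search"
NS_DATA = "jabber:x:data"


def build_search_submit(to, iq_id, fields):
    """Second step of XEP-0055 with Data Forms: submit the search form.

    `fields` maps a field var to its value.  Vars beyond the standard XEP-0055
    ones (first, last, nick, email) are server-specific assumptions.
    Values are set as element text, so ElementTree escapes them: a search
    string typed by a user cannot inject extra elements into the stanza.
    """
    iq = ET.Element("iq", {"type": "set", "to": to, "id": iq_id})
    # Plain "xmlns" attributes serialise as default namespaces, which keeps the
    # stanza readable; when parsing, ElementTree maps them to {ns}tag names.
    query = ET.SubElement(iq, "query", {"xmlns": NS_SEARCH})
    x = ET.SubElement(query, "x", {"xmlns": NS_DATA, "type": "submit"})
    form_type = ET.SubElement(x, "field", {"var": "FORM_TYPE", "type": "hidden"})
    ET.SubElement(form_type, "value").text = NS_SEARCH
    for var, value in fields.items():
        field = ET.SubElement(x, "field", {"var": var})
        ET.SubElement(field, "value").text = str(value)
    return ET.tostring(iq, encoding="unicode")


def parse_search_result(iq_xml):
    """Parse the server's <x type='result'> into (column vars, list of row dicts)."""
    iq = ET.fromstring(iq_xml)
    x = iq.find(f"{{{NS_SEARCH}}}query/{{{NS_DATA}}}x")
    if x is None:
        return [], []
    cols = [f.get("var") for f in x.findall(f"{{{NS_DATA}}}reported/{{{NS_DATA}}}field")]
    rows = []
    for item in x.findall(f"{{{NS_DATA}}}item"):
        row = {}
        for f in item.findall(f"{{{NS_DATA}}}field"):
            v = f.find(f"{{{NS_DATA}}}value")
            row[f.get("var")] = (v.text or "") if v is not None else ""
        rows.append(row)
    return cols, rows


# Constructed server reply in the shape XEP-0055 uses for data-form results
# (the x-age column is a hypothetical custom field).
SAMPLE_RESULT = f"""
<iq type='result' from='search.example.org' id='search1'>
  <query xmlns='{NS_SEARCH}'>
    <x xmlns='{NS_DATA}' type='result'>
      <reported>
        <field var='jid' label='JID'/>
        <field var='nick' label='Nickname'/>
        <field var='x-age' label='Age'/>
      </reported>
      <item>
        <field var='jid'><value>alice@example.org</value></field>
        <field var='nick'><value>Alice</value></field>
        <field var='x-age'><value>27</value></field>
      </item>
      <item>
        <field var='jid'><value>carol@example.org</value></field>
        <field var='nick'><value>Carol</value></field>
        <field var='x-age'><value>23</value></field>
      </item>
    </x>
  </query>
</iq>
"""


def demo():
    """Build the submit stanza for the 'females 20-30 in Canada' query and parse
    the constructed reply.  Returns (submit_xml, columns, rows)."""
    # Hypothetical custom field vars; the server has to be configured to offer them.
    submit = build_search_submit("search.example.org", "search1",
                                 {"x-gender": "female", "x-age-min": 20,
                                  "x-age-max": 30, "x-country": "CA"})
    cols, rows = parse_search_result(SAMPLE_RESULT)
    return submit, cols, rows


if __name__ == "__main__":
    submit, cols, rows = demo()
    print(submit)
    print(cols, rows)
```

The escaping point matters because search strings come straight from the end user; letting them into the stanza unescaped would let a user close the `<value>` element and append arbitrary XML to the IQ.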


No perfect tag for Messenger Platform’s policies

We have a lot of doubts concerning the changes in the Messenger Platform’s policies.
There is the HUMAN_AGENT tag (for which we have already asked permission), which seems to be the one that fits our processes best, but 7 days is still insufficient for us. Could we answer with this “message_tag” 20 days after a user message? What can we do in this case? We have to find a way not to leave the user without an answer.
We plan on using one of the above-mentioned CONFIRMED_EVENT_UPDATE tags to answer all user messages outside of the 24 hour window. Are there any penalties for us doing so? If there are, what are the penalties? Are they applied at the company level or the page level? None of the messages sent by our company contain what you want to avoid (spam, special offers, discounts, etc.), so we don't think we should receive any penalty even when using “message_tags”.
We have thought about using the normal answer and, if the “This message is sent outside of the allowed window” error message appears, answering using “message_tags”. Is there any problem with using the first call on a recurrent basis even though it gives errors, or should we avoid it? Avoiding it might cause us to send unnecessary “message_tags”. Could we answer all private messages using HUMAN_AGENT once it is approved (our answers are always given by a customer service agent)?
Best regards
You do not mention your actual use case, so nobody can suggest any message tags that would match that use case.
Without knowing that use case the answer to your questions can only be:
1) There is no way to extend the 7 day window for the human agent tag. If you get approved for it you have a 7 day window, not 8 and not 20. However, most user actions reset that window: you should follow up within that window and make sure the user engages with your bot so the window is reset and you have another 7 days for another update.
2) Abusing tags will most likely result in your page being restricted; make sure to only use them for the allowed use cases as listed in the docs: https://developers.facebook.com/docs/messenger-platform/send-messages/message-tags/

Which exploit and which payload use?

Hi everyone and sorry for my bad English.
I'm learning penetration testing.
After reconnaissance and scanning of my target, I have enough information to pass to next phase.
Some of the info I have is the open ports with their running services, the names and versions of the services, the operating system of the device, the firewalls used, etc.
I launched msfconsole.
I should find the correct exploit and payload, based on the information collected, to gain access. I've read the Metasploit Unleashed guide on offensive-security. I've learned the Metasploit fundamentals and the use of msfconsole.
But I don't understand how to start all of this. Assuming that my target has 20 ports open, I want to test the vulnerabilities using an exploit and payload that do not require user interaction. The possibilities of which exploits and payloads to use are now reduced, but there are still too many. Searching and testing all exploits and payloads for each port isn't good! So, if I don't know the vulnerability of the target, how do I proceed?
I would like to be aware of what I do, and not try things without understanding.
Couple of things:
We have a stack exchange for security! Check it out at https://security.stackexchange.com/
For an answer: you want to look for "remote exploits", as those do not require user interaction. You can find a curated list of exploits here: https://www.exploit-db.com/remote/
You can search the services on this page for something that matches the same service/version as your attack vector.
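Added example (not part of the question or the answer) of the triage step the answer describes: take the product/version strings from an `nmap -sV` scan and match them against a local exploit list, keeping only entries flagged as remote (no user interaction) and whose affected range covers the detected version. The scan output, the product names and the index entries are all constructed placeholders; none of them refer to real software, real vulnerabilities or real exploit-db entries. The version comparison is deliberately crude (letters dropped, numbers compared as tuples), which is enough to shortlist what to read up on before running anything.

```python
import re

# Constructed `nmap -sV` output for an imaginary host (not a real scan).
SAMPLE_NMAP = """\
PORT     STATE  SERVICE VERSION
21/tcp   open   ftp     ExampleFTPd 1.3.4
22/tcp   open   ssh     ExampleSSH 7.2p2
80/tcp   open   http    ExampleHTTPd 2.4.18
443/tcp  open   https   ExampleHTTPd 2.4.18
8080/tcp closed http-proxy
3306/tcp open   mysql   ExampleDB 10.1.4
"""

# Constructed index in the shape of a local exploit list: product, first fixed
# version, and whether the entry is a remote exploit needing no user interaction.
# Placeholders only; these are not real products, vulnerabilities or exploit-db IDs.
EXPLOIT_INDEX = [
    {"product": "ExampleFTPd", "fixed_in": "1.4.0", "remote": True,
     "title": "ExampleFTPd placeholder remote entry"},
    {"product": "ExampleSSH", "fixed_in": "7.3", "remote": True,
     "title": "ExampleSSH placeholder remote entry"},
    {"product": "ExampleHTTPd", "fixed_in": "2.4.10", "remote": True,
     "title": "ExampleHTTPd placeholder remote entry (old versions only)"},
    {"product": "ExampleHTTPd", "fixed_in": "2.4.30", "remote": False,
     "title": "ExampleHTTPd placeholder client-side entry (needs a user)"},
    {"product": "ExampleDB", "fixed_in": "10.2.0", "remote": True,
     "title": "ExampleDB placeholder remote entry"},
]

LINE_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)(?:\s+(.*))?$")


def version_key(text):
    """Turn '7.2p2' into (7, 2, 2) so versions compare as tuples.
    Crude on purpose: letters are dropped, which is enough for a first triage."""
    return tuple(int(n) for n in re.findall(r"\d+", text))


def parse_nmap(output):
    """Return (port, service, product, version) for every open port with a version."""
    services = []
    for line in output.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m.group(3) != "open" or not m.group(5):
            continue            # header line, closed port, or no version detected
        port, _proto, _state, service, product_version = m.groups()
        # nmap prints "<product> <version>"; split off the trailing version token
        parts = product_version.rsplit(" ", 1)
        if len(parts) != 2 or not version_key(parts[1]):
            continue
        services.append((int(port), service, parts[0], parts[1]))
    return services


def candidate_exploits(services, index, remote_only=True):
    """Match detected product/version pairs against the index.
    An entry is a candidate when its product matches and the detected version
    is below the version the entry says fixed the bug."""
    hits = []
    for port, _service, product, version in services:
        for entry in index:
            if entry["product"].lower() != product.lower():
                continue
            if remote_only and not entry["remote"]:
                continue
            if version_key(version) < version_key(entry["fixed_in"]):
                hits.append((port, product, version, entry["title"]))
    return hits


if __name__ == "__main__":
    for hit in candidate_exploits(parse_nmap(SAMPLE_NMAP), EXPLOIT_INDEX):
        print("%5d  %-12s %-8s %s" % hit)
```

With the constructed data this shortlists ports 21, 22 and 3306; the two ExampleHTTPd listeners drop out because the only remote entry covers older versions and the other entry needs user interaction. Version matching is a shortlist, not a verdict: banners are often backported or deliberately faked, so confirm with a version-specific check before trusting a hit.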

iPhone / Android realtime communication, XMPP, raw TCP?

I have an app that has 2 versions : 1 on iPhone, 1 on Android.
I want my 2 apps to communicate in real time. The use cases are :
User A sees a friends list, pick a user B and click on "share an item"
User B gets a notification saying that user A wants to share an item with him
User B accepts, the transaction takes place, and both users are notified that it went well.
I thought about using a simple HTTP transaction, but that would mean polling on the user's side, and therefore not a nice user experience.
I think XMPP would fit nicely, but I'm not quite sure how flexible this solution can be ( what if I want to keep my users information on a separate server also etc. ). I also consider using a raw TCP socket ( Node.js on the server is fairly easy to operate ).
What's the best solution at the moment ?
Well, your requirements are pretty much:
Real time
Friend list
Presence
Sharing of data
These are all features of XMPP, and there are library implementations available in multiple languages. Smack for Java and xmppframework for Objective-C will cover your particular use case.
You could of course write this yourself from the socket layer up, but why bother when there are existing standardized protocols and libraries available to do what you need. This way, when you want to add Blackberry or any other platform to your list, I am sure you can easily find the right library to support your app without having to build from the ground up.

How can I update my avatar in XMPP using the iPhone SDK?

How can I update my avatar (the logged-in user's photo) in XMPP using the iPhone SDK (XMPPStream)?
I have XMPPvCardAvatarModule (but it has no method documentation), so I am not able to work out how to use its methods to update the avatar (image). Can anyone post sample code and links to help me understand this? I am stuck with this problem! Thanks.
Most folks use XEP-0153 for avatars. But please be careful implementing this. If you get your hash logic wrong, and you don't do negative caching, it wreaks havoc on the network as your client constantly re-queries for vCards that will never match the hash they're given. Please do NOT set your client to send vCard queries to everyone on your roster every time you log in -- please heed the MUST in the XEP for caching avatars, or do NOT implement this feature.
Also, please be aware the community hopes to one day move to XEP-0084, which has the potential to be more efficient in certain cases.
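To make the caching point in the answer concrete, here is an added example (not from the question, the answer, or XMPPFramework) of the receiving side of XEP-0153: the decision of whether a presence stanza's advertised `<photo>` hash justifies a vCard fetch, and what to record after the fetch. The verified-image cache stops refetching for hashes already seen; the negative cache records hashes whose vCard came back without a matching photo so they are fetched once and then ignored, which is exactly the storm the answer warns about. The presence stanzas and vCard replies below are constructed for the demo; `AvatarCache` and its method names are this example's own.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS_UPDATE = "vcard-temp:x:update"   # XEP-0153 presence extension
NS_VCARD = "vcard-temp"             # XEP-0054 vCard IQ


class AvatarCache:
    """Avatar store keyed by the SHA-1 hex the contact advertises in presence.

    `known` holds images whose SHA-1 matched the advertised hash.
    `bad` holds hashes we fetched once and could not verify (negative cache),
    so a contact whose vCard photo never matches its own hash is never re-queried.
    """

    def __init__(self):
        self.known = {}    # hash -> image bytes
        self.bad = set()   # hashes that failed verification
        self.fetches = 0   # vCard requests this cache has caused

    @staticmethod
    def advertised_hash(presence_xml):
        """Hash from <x xmlns='vcard-temp:x:update'><photo>..</photo></x>.
        '' means the contact explicitly has no avatar; None means the contact
        either does not do XEP-0153 or is not ready (no <photo/>), so do not fetch."""
        pres = ET.fromstring(presence_xml)
        x = pres.find(f"{{{NS_UPDATE}}}x")
        if x is None:
            return None
        photo = x.find(f"{{{NS_UPDATE}}}photo")
        if photo is None:
            return None
        return (photo.text or "").strip().lower()

    def should_fetch(self, presence_xml):
        """True only for a non-empty hash that is in neither cache."""
        h = self.advertised_hash(presence_xml)
        if not h:
            return False
        return h not in self.known and h not in self.bad

    def store_vcard(self, expected_hash, vcard_iq_xml):
        """Verify a fetched vCard against the hash that triggered the fetch.
        Returns True if the image was cached, False if the hash went to the
        negative cache (missing photo or SHA-1 mismatch)."""
        self.fetches += 1
        iq = ET.fromstring(vcard_iq_xml)
        binval = iq.find(f".//{{{NS_VCARD}}}PHOTO/{{{NS_VCARD}}}BINVAL")
        if binval is None or not (binval.text or "").strip():
            self.bad.add(expected_hash)
            return False
        data = base64.b64decode(binval.text.strip())
        if hashlib.sha1(data).hexdigest() != expected_hash:
            self.bad.add(expected_hash)
            return False
        self.known[expected_hash] = data
        return True


# Constructed stanzas for the demo.
def presence(jid, photo_hash):
    x = "" if photo_hash is None else f"<x xmlns='{NS_UPDATE}'><photo>{photo_hash}</photo></x>"
    return f"<presence from='{jid}/phone'>{x}</presence>"


def vcard_iq(jid, image_bytes):
    b64 = base64.b64encode(image_bytes).decode()
    return (f"<iq type='result' from='{jid}' id='v1'><vCard xmlns='{NS_VCARD}'>"
            f"<PHOTO><TYPE>image/png</TYPE><BINVAL>{b64}</BINVAL></PHOTO></vCard></iq>")


def demo():
    """Walk through a correct contact and a contact with a stale hash."""
    cache = AvatarCache()
    img = b"\x89PNG\r\n\x1a\n" + b"constructed image payload"
    good = hashlib.sha1(img).hexdigest()
    stale = hashlib.sha1(b"an older image the contact no longer serves").hexdigest()

    p_alice = presence("alice@example.org", good)
    first = cache.should_fetch(p_alice)                  # unknown hash: fetch
    cache.store_vcard(good, vcard_iq("alice@example.org", img))
    after_cache = cache.should_fetch(p_alice)            # verified: no refetch

    p_bob = presence("bob@example.org", stale)
    stale_first = cache.should_fetch(p_bob)              # fetch once
    cache.store_vcard(stale, vcard_iq("bob@example.org", img))   # mismatch -> negative cache
    stale_again = cache.should_fetch(p_bob)              # never again, even at next login
    return {"first": first, "after_cache": after_cache, "stale_first": stale_first,
            "stale_again": stale_again, "fetches": cache.fetches}


if __name__ == "__main__":
    print(demo())
```

The negative cache should persist across sessions along with the positive one; if it lives only in memory, every login repeats the mismatching fetch for every such contact, which is the roster-wide query burst the answer asks clients not to generate.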

Is this an effective anonymous user voting system?

UPDATED
Overview of the problem
I am developing a public idea-sharing website, where any user (after creating an account) can submit ideas; they will then be reviewed and rated by our internal reviewers, and only the best submitted ideas will be published. These ideas can then be voted on by anyone anonymously, and for every 1000 votes an idea receives, we will reward the idea's author with, say, $0.5.
I'm using an anonymous voting system where each vote is identified by a combination of IP address and User-agent.
But since we are rewarding users with cash, I fear this voting system could be manipulated!
Measures I've thought of taking:
Voting only with JavaScript enabled (using AJAX), to make sure votes come from browsers alone.
Also considering receiving votes only from the most commonly used browsers.
Can this kind of voting work effectively without much loopholes?
Any good solutions for anonymous voting systems?
Wow! This link is helpful: What is a reliable method to record votes from anonymous users, without allowing duplicates
Authentication based on the user's account (credit card, checking account, ...)? Or how is the money paid out?
This won't work. People can easily masquerade under a different user agent, regardless of whether or not it's a "commonly used browser" or if Javascript is enabled. It doesn't make any sense why you think limiting voting to users with common browsers will do anything at all. Client-side scripts could also be written to cast votes, even if you require Javascript to be enabled. Not even IP addresses are immune from spoofing; for example, the user could work from behind a proxy server. Also consider that there could be more than one user who shares the same IP: dynamic IP addresses are quite common, and large ISPs frequently re-use IP addresses by allocating them to different users at different times.
I already voted to close this as off-topic, but it looks like it's also a duplicate: Limit 1 vote per IP Address?