Return-Path: william@bourbon.usc.edu Delivery-Date: Mon Sep 8 09:37:38 2008 X-Spam-Checker-Version: SpamAssassin 3.2.3 (2007-08-08) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-2.3 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.2.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.14.1/8.14.1) with ESMTP id m88Gbc68023598 for ; Mon, 8 Sep 2008 09:37:38 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.14.2/8.14.1) with ESMTP id m88Gac4v003570 for ; Mon, 8 Sep 2008 09:36:38 -0700 Message-Id: <200809081636.m88Gac4v003570@bourbon.usc.edu> To: cs551@merlot.usc.edu Subject: Re: sending request to server Date: Mon, 08 Sep 2008 09:36:38 -0700 From: Bill Cheng Someone wrote: > I have a doubt regarding the statement in the spec "if the request cannot be > identified by the server or its a malformed message, then the server sends > an all fail response back". Does this mean that the client doesn't check the > request type (i.e. whether the request type falls within get, fsz, adr) > before sending it to server? This may mean that the your server is talking to a malicious client. > If the client still needs to check the request type and the type doesn't > fall within these three options, should it still send request to the server? > If yes, then how will the message type field in the message look like? You should implement your client according to the spec. You should implement your server such that it will not crash if a connecting client is malicious! The opposite is also true. You should implement your server according to the spec. You should implement your client such that it will not crash if a connecting server is malicious! -- Bill Cheng // bill.cheng@usc.edu