Emile Cormier
From a data security perspective, the WAMP-CRA scheme as it currently stands is only marginally better than storing the passwords in plain text. Except for the Heartbleed exploit, most of...
I believe the WAMP-CRA vulnerability would be classified as [Pass the Hash](https://en.wikipedia.org/wiki/Pass_the_hash).
@oberstet
> Since: I would say, the lack of protection against database theft is not an actual security hole, but a security limit.

I'm afraid I disagree about it not...
It's been three years, and the WAMP-CRA spec has not yet been updated to mention the security implications. It's vital that users/implementors of WAMP be aware of the database theft...
When transcoding from CBOR to JSON, the `\0` trick is necessary in order for the binary data to be round-trippable back to a CBOR byte string. The leading `\0` trick/hack has...
The Meta API is mapped to feature announcement attributes as follows:

| Feature | Announced In |
| --- | --- |
| Subscription Meta Events and Procedures | Details.roles.broker...
@oberstet, what was the rationale behind the [Subscriber Meta Events](https://github.com/tavendo/WAMP/blob/master/spec/advanced.md#subscriber-meta-events) section? Couldn't that feature be implemented in terms of the Meta API? Is it because the Meta API doesn't...
I'm working right now on consolidating the Meta API in its own section, while reusing your existing material in the Crossbar docs you cited. I'll be proposing alternate feature announcement...
Submitted PR #179.
The "special treatment" given to `session_meta_api` doesn't settle quite well with me, but I don't think it's much of an issue from a practical standpoint. With the meta API announcement...