Validation of hostname is now disabled by default.

git-svn-id: http://svn.igniterealtime.org/svn/repos/messenger/trunk@3030 b35dd754-fafc-0310-a699-88a17e54d16e

src/java/org/jivesoftware/messenger/net/ClientSocketReader.java

@@ -16,6 +16,7 @@ import org.jivesoftware.messenger.ClientSession;
 import org.jivesoftware.messenger.PacketRouter;
 import org.jivesoftware.messenger.XMPPServer;
 import org.jivesoftware.messenger.auth.UnauthorizedException;
+import org.jivesoftware.util.JiveGlobals;
 import org.xmlpull.v1.XmlPullParserException;
 import org.xmpp.packet.IQ;
 import org.xmpp.packet.Message;
@@ -27,7 +28,13 @@ import java.net.Socket;
 /**
  * A SocketReader specialized for client connections. This reader will be used when the open
  * stream contains a jabber:client namespace. Received packet will have their FROM attribute
- * overriden to avoid spoofing.
+ * overriden to avoid spoofing.<p>
+ *
+ * By default the hostname specified in the stream header sent by clients will not be validated.
+ * When validated the TO attribute of the stream header has to match the server name or a valid
+ * subdomain. If the value of the 'to' attribute is not valid then a host-unknown error
+ * will be returned. To enable the validation set the system property
+ * <b>xmpp.client.validate.host</b> to true.
  *
  * @author Gaston Dombiak
  */
@@ -82,7 +89,7 @@ public class ClientSocketReader extends SocketReader {
     }
 
     boolean validateHost() {
-        return true;
+        return JiveGlobals.getBooleanProperty("xmpp.client.validate.host",false);
     }
 
     protected String getAvailableStreamFeatures() {