[ejabberd] User management.
paul.kinlan at gmail.com
Mon Mar 9 12:59:21 MSK 2009
I am developing a simple piece of software that uses mod_rest and
I have a couple of questions that I hope people can help me with, with
regards to setup and configuration and best practices.
Each page instance will individually talk with a single user ("game
controller" for example) on our ejabberd server mod_http_bind, I need the
system to not require usernames and passwords and I have identified two
1. I can enable mod_register so that my page will create random user
names and passwords, however I would like to lock down the ability to change
the password and delete the user (although allowing them to mod anything
will mean that they can't use the service. I will then create a mainance
plan that will clear down users after an hour our so.) but I don't think I
can lock it down this way.
2. I can have one user each with a different resource name (randomly
created) and direct the messages to the resources in question. This way I
can disable any password change facilities, and it should be
I worry that clever users will be able to send stanzas back to the server,
and all I really want them to do is listen to messages comming from my "game
controller", so for instance, I don't want them to discover other users or
change their password, or be able to send messages back to the game
controller and I can't work out how to disable this functionality.
I would be really keen to hear your thoughts, suggestions and criticsims.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the ejabberd