[ejabberd] User management.

Paul Kinlan paul.kinlan at gmail.com
Mon Mar 9 12:59:21 MSK 2009


Hi,

I am developing a simple piece of software that uses mod_rest and
mod_http_bind.

I have a couple of questions that I hope people can help me with, with
regards to setup and configuration and best practices.

Each page instance will individually talk with a single user ("game
controller" for example) on our ejabberd server mod_http_bind, I need the
system to not require usernames and passwords and I have identified two
options:

   1. I can enable mod_register so that my page will create random user
   names and passwords, however I would like to lock down the ability to change
   the password and delete the user (although allowing them to mod anything
   will mean that they can't use the service. I will then create a mainance
   plan that will clear down users after an hour our so.) but I don't think I
   can lock it down this way.
   2. I can have one user each with a different resource name (randomly
   created) and direct the messages to the resources in question.  This way I
   can disable any password change facilities, and it should be

I worry that clever users will be able to send stanzas back to the server,
and all I really want them to do is listen to messages comming from my "game
controller", so for instance, I don't want them to discover other users or
change their password, or be able to send messages back to the game
controller and I can't work out how to disable this functionality.

I would be really keen to hear your thoughts, suggestions and criticsims.

Kind Regards,
Paul.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.jabber.ru/pipermail/ejabberd/attachments/20090309/4cf1e29f/attachment.htm>


More information about the ejabberd mailing list