[ejabberd] User management.

Jack Moffitt jack at chesspark.com
Tue Mar 10 01:51:34 MSK 2009


> Each page instance will individually talk with a single user ("game
> controller" for example) on our ejabberd server mod_http_bind, I need the
> system to not require usernames and passwords and I have identified two
> options:

You missed the third, and best option, which is to use SASL ANONYMOUS.

> I worry that clever users will be able to send stanzas back to the server,
> and all I really want them to do is listen to messages comming from my "game
> controller", so for instance, I don't want them to discover other users or
> change their password, or be able to send messages back to the game
> controller and I can't work out how to disable this functionality.

Discovering other users is protected by the roster, so you don't have
to worry about that.  Changing password is something that has no
meaning with SASL ANONYMOUS, and with normal connections that can be
controlled (if it's even supported. I don't know that it's possible to
change the password over XMPP with ejabberd).  As for the game
controller, just have it ignore messages from unknown JIDs.

jack.


More information about the ejabberd mailing list