[ejabberd] User management.

Paul Kinlan paul.kinlan at gmail.com
Tue Mar 10 15:08:08 MSK 2009


Hi Jack,

Thanks for the advice, the good thing from my point of view is the actuall
ejabberd server will be behind a firewall so users won't be able to connect
other than throught the http-bind interface so I can control some of the
access through the proxy.

I am looking into SASL ANONYMOUS now and checking to see if the jquery.bosh
api supports it :)

Cheers,
Paul

2009/3/9 Jack Moffitt <jack at chesspark.com>

> > Each page instance will individually talk with a single user ("game
> > controller" for example) on our ejabberd server mod_http_bind, I need the
> > system to not require usernames and passwords and I have identified two
> > options:
>
> You missed the third, and best option, which is to use SASL ANONYMOUS.
>
> > I worry that clever users will be able to send stanzas back to the
> server,
> > and all I really want them to do is listen to messages comming from my
> "game
> > controller", so for instance, I don't want them to discover other users
> or
> > change their password, or be able to send messages back to the game
> > controller and I can't work out how to disable this functionality.
>
> Discovering other users is protected by the roster, so you don't have
> to worry about that.  Changing password is something that has no
> meaning with SASL ANONYMOUS, and with normal connections that can be
> controlled (if it's even supported. I don't know that it's possible to
> change the password over XMPP with ejabberd).  As for the game
> controller, just have it ignore messages from unknown JIDs.
>
> jack.
> _______________________________________________
> ejabberd mailing list
> ejabberd at jabber.ru
> http://lists.jabber.ru/mailman/listinfo/ejabberd
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.jabber.ru/pipermail/ejabberd/attachments/20090310/b2d2d32c/attachment.htm>


More information about the ejabberd mailing list