[ejabberd] Security Issues

Konstantin Khomoutov flatworm at users.sourceforge.net
Fri Jul 15 07:39:48 MSD 2011

On Thu, 14 Jul 2011 21:24:56 +0530
Manoj Philip <manoj.philip at pipalresearch.com> wrote:

>    1. What are the best chat clients available for mobile/BlackBerry?
>       Please name them.
>    2. We are using ejabberd for a local domain with AD integration. I
> want to make chat accessible from the Internet. How to go about it?
Nothing special. Just make your server accessible from the Internet.
"AD" is there only to verify login/password passed by a client to the
server using AD's LDAP database, so nothing really special about it.

>    3. What should be done so that the chat client can access
> our server on a laptop issued by the office? No other laptop/computer
>       should be able to connect to the chat server.
It's not clear what you really mean.

While everyone can connect to your server (unless their source IP is
blocked by a firewall protecting the server), not everyone can *work*
with your server as this requires knowledge of the username and a
matching valid password. Won't this work for you?

If you need a stronger sort of protection, use a VPN or another sort of
secure channel.

ejabberd itself is able to use TLS (actually, its usage is enforced if
you're using LDAP auth) but AFAIK ejabberd currently has no way to
actually verify the client's certificate, so you can't verify the
client's identity this way.
