[JDEV] Account information storage, plaintext?

Peter Saint-Andre stpeter at jabber.org
Tue Sep 16 17:07:39 CDT 2003

On Tue, Sep 16, 2003 at 02:54:12PM -0700, Justin Karneges wrote:

> Maybe the issue comes down to jabber:iq:register being incompatible with any 
> SASL mechanism that does not use plaintext passwords.  If we nix iq:register, 
> does the problem go away?  Maybe then the admin has to make a choice between 
> supporting anonymous registrations vs having a more-secure system.

Maybe there is a good reason why user registration occurs outside 
the protocol in other systems. I think in-band registration is fine for
registering with components, but doesn't make sense for registering your
main IM account.


Peter Saint-Andre
Jabber Software Foundation

More information about the JDev mailing list