[JDEV] In-band registration

Jacek Konieczny jajcus at bnet.pl
Thu Sep 18 07:41:45 CDT 2003

On Thu, Sep 18, 2003 at 06:59:31AM -0500, Ryan Eatmon wrote:
> If instead we decided to ax in band registration, and require a web page 
> or some other script or what not for registration, then you just made 
> administrating and setting a server that much more complicated.  You are 
> now requiring a web server.  To run a Jabber server you must be running 
> a web server?  I do not support that at all.

Web server is not needed. Just a command line tool to manually add
users. Such tool could be included in jabberd package. Administrator
of a small server may manually create accounts for his users.
Administrator who can't setup web server with simple CGI script (or any
other mechanism for account registration) should not maintain big
public Jabber server.

> But I am not in support of getting rid of in band registration.

IN-band registration = (usually) open to anybody and insecure

Because it is open it will be widely used by spammers when Jabber
becomes more popular. And when it is more popular it will be much harder
to convince administrators to disable in-band registration. Many of them
won't disable it and spammers will be very happy.

Because it is insecure - passwords (and accounts) may be stolen before
they even are used the first time.


More information about the JDev mailing list