[jdev] sasl plain again

Norman Rasmussen norman at rasmussen.co.za
Mon Apr 17 05:54:55 CDT 2006

On 4/17/06, Adrian Adrian <flashbk2003 at yahoo.com> wrote:
>  I finally managed to authenticate to Wildfire using TSL on port 5222 and
> plain SASL.
>  My question is : how secure is this connection ?
>  Will the data that travels back and forth the client and server be exposed
> ?
>  If so, what options do I have to ensure the packets won't be decoded by a
> third party ?

If you're enabling TLS then it's secure as any https connection
(excepting the fact that certs are not checked correctly, etc).

If you're worried, try running tcpdump (or any other packet sniffer),
and check out the data that flows back and forth.  You _should_ see
the initial xml stream, and the starttls request, but after that
everything should look encrypted.

- Norman Rasmussen
 - Email: norman at rasmussen.co.za
 - Home page: http://norman.rasmussen.co.za/

More information about the JDev mailing list