[Juser] In band Registration how secure it is?

Peter Saint-Andre stpeter at stpeter.im
Mon Jul 8 22:43:19 UTC 2013


This list is for end users, but I'll answer anyway. :-)

On 7/3/13 12:11 AM, Manoj Raj wrote:
> Hi,
> 
> I am trying to build a system in XMPP with in-band registration
> enabled. I am working on a client in Java which will have a page
> to register with the fields username and password.

So will the registration happen on a web page?

> I have a MySQL table 'users' where the username and password (as
> hash) will be stored and I am planning to send an email activation
> code to activate the code...
> 
> Is it safe to send the password as plain text through XMPP during
> registration? Any security measures I can take to avoid hacks or
> spams?

If you control the XMPP server (and I hope you do!), then forcing TLS
or other encryption from client to XMPP server and from XMPP server to
your authentication backend is of course a good idea.

> Any good ideas to proceed further on this implementation? Please
> guide me.

A longer description of your approach and architecture might help.

Peter

-- 
Peter Saint-Andre
https://stpeter.im/
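
Added example (not part of the original message): a client-side gate for the "force TLS" advice above, which refuses to send the XEP-0077 registration password until the stream is encrypted. The function names and the sample stream features are constructed for illustration, and it assumes the server advertises the in-band registration stream feature.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape, quoteattr

NS_TLS = "urn:ietf:params:xml:ns:xmpp-tls"                 # RFC 6120 STARTTLS
NS_REG_FEATURE = "http://jabber.org/features/iq-register"  # XEP-0077 stream feature
NS_REGISTER = "jabber:iq:register"                         # XEP-0077 query namespace

STREAM = "xmlns:stream='http://etherx.jabber.org/streams'"
# Constructed sample <stream:features/> payloads, not captured traffic.
PLAIN_FEATURES = (f"<stream:features {STREAM}>"
                  f"<starttls xmlns='{NS_TLS}'><required/></starttls>"
                  f"<register xmlns='{NS_REG_FEATURE}'/></stream:features>")
NO_TLS_FEATURES = (f"<stream:features {STREAM}>"
                   f"<register xmlns='{NS_REG_FEATURE}'/></stream:features>")
TLS_FEATURES = NO_TLS_FEATURES  # after STARTTLS the server no longer offers it


def next_step(features_xml, tls_active):
    """Decide what the client may do after receiving <stream:features/>."""
    features = ET.fromstring(features_xml)
    offers_tls = features.find(f"{{{NS_TLS}}}starttls") is not None
    offers_reg = features.find(f"{{{NS_REG_FEATURE}}}register") is not None
    if not tls_active:
        # Never register in the clear, even if the server would accept it.
        return "starttls" if offers_tls else "abort"
    return "register" if offers_reg else "abort"


def build_register_iq(username, password, tls_active, stanza_id="reg1"):
    """Serialize the registration request; refuse on an unencrypted stream."""
    if not tls_active:
        raise RuntimeError("refusing to send password over an unencrypted stream")
    return (f"<iq type='set' id={quoteattr(stanza_id)}>"
            f"<query xmlns='{NS_REGISTER}'>"
            f"<username>{escape(username)}</username>"
            f"<password>{escape(password)}</password>"
            f"</query></iq>")


if __name__ == "__main__":
    print(next_step(PLAIN_FEATURES, tls_active=False))   # negotiate TLS first
    print(next_step(NO_TLS_FEATURES, tls_active=False))  # no TLS offered: stop
    print(build_register_iq("alice", "s3cr&t", tls_active=True))
```

This covers only the client-to-server hop; the server-to-backend link mentioned in the reply has to be protected separately.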

