[Juser] In band Registration how secure it is?
Peter Saint-Andre
stpeter at stpeter.im
Mon Jul 8 22:44:09 UTC 2013
On 7/8/13 4:43 PM, Peter Saint-Andre wrote:
> This list is for end users, but I'll answer anyway. :-)
>
> On 7/3/13 12:11 AM, Manoj Raj wrote:
>> Hi,
>
>> I am trying to build a system in XMPP with in-band registration
>> enabled. I am working on a client in Java which will have a
>> page to register with the fields username and password.
>
> So will the registration happen on a web page?
>
>> I have a MySQL table 'users' where the username and password (as
>> hash) will be stored and I am planning to send an email
>> activation code to activate the code...
>
>> Is it safe to send the password as plain text through XMPP during
>> registration? Any security measures I can take to avoid hacks
>> or spams?
>
> If you control the XMPP server (and I hope you do!), then forcing
> TLS or other encryption from client to XMPP server and from XMPP
> server to your authentication backend is of course a good idea.
>
>> Any good ideas to proceed further on this implementation? Please
>> guide me.
>
> A longer description of your approach and architecture might help.
Oh, and using CAPTCHA on the front end might be beneficial, too.
Peter
--
Peter Saint-Andre
https://stpeter.im/
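One way to check the "forcing TLS" advice in the reply above from the server operator's side, as an added example that is not part of the original message: parse the `<stream:features/>` a server sends before TLS and flag in-band registration (XEP-0077) exposed on a stream where STARTTLS is missing or optional. The function names and the two feature samples are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS_STREAM = "http://etherx.jabber.org/streams"
NS_TLS = "urn:ietf:params:xml:ns:xmpp-tls"              # RFC 6120 STARTTLS
NS_REGISTER = "http://jabber.org/features/iq-register"  # XEP-0077 stream feature

def parse_features(xml_text):
    """Return (starttls_offered, starttls_required, register_offered)."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{NS_STREAM}}}features":
        raise ValueError("expected a <stream:features/> element")
    tls = root.find(f"{{{NS_TLS}}}starttls")
    required = tls is not None and tls.find(f"{{{NS_TLS}}}required") is not None
    register = root.find(f"{{{NS_REGISTER}}}register") is not None
    return tls is not None, required, register

def audit_pre_tls_features(xml_text):
    """List problems in the features a server sends before TLS is negotiated."""
    offered, required, register = parse_features(xml_text)
    findings = []
    if not offered:
        findings.append("STARTTLS is not offered")
    elif not required:
        # Assumption: only an explicit <required/> child counts as enforced TLS.
        findings.append("STARTTLS is optional, so a client may stay in clear text")
    if register:
        findings.append("in-band registration is advertised on the unencrypted stream")
    return findings

# Constructed samples. On a real stream the 'stream' prefix is declared on the
# <stream:stream> opening tag; it is repeated here so each sample parses alone.
OPTIONAL_TLS = """<stream:features xmlns:stream='http://etherx.jabber.org/streams'>
  <starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>
  <register xmlns='http://jabber.org/features/iq-register'/>
</stream:features>"""

FORCED_TLS = """<stream:features xmlns:stream='http://etherx.jabber.org/streams'>
  <starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'><required/></starttls>
</stream:features>"""

if __name__ == "__main__":
    for name, sample in (("optional TLS", OPTIONAL_TLS), ("forced TLS", FORCED_TLS)):
        print(name, "->", audit_pre_tls_features(sample) or "no findings")
```

An empty result only covers what the server advertises; the server still has to refuse `jabber:iq:register` requests on streams that have not negotiated TLS.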