[Juser] In band Registration how secure it is?

Peter Saint-Andre stpeter at stpeter.im
Mon Jul 8 22:44:09 UTC 2013


On 7/8/13 4:43 PM, Peter Saint-Andre wrote:
> This list is for end users, but I'll answer anyway. :-)
> 
> On 7/3/13 12:11 AM, Manoj Raj wrote:
>> Hi,
> 
>> I am trying to build a system in XMPP with in-band registration
>> enabled. I am working on a client in Java which will have a
>> page to register with the fields username and password.
> 
> So will the registration happen on a web page?
> 
>> I have a MySQL table 'users' where the username and password (as
>> hash) will be stored and I am planning to send an email
>> activation code to activate the code...
> 
>> Is it safe to send the password as plain text through XMPP during
>> registration? Any security measures I can take to avoid hacks
>> or spam?
> 
> If you control the XMPP server (and I hope you do!), then forcing
> TLS or other encryption from client to XMPP server and from XMPP
> server to your authentication backend is of course a good idea.
> 
>> Any good ideas to proceed further on this implementation? Please 
>> guide me.
> 
> A longer description of your approach and architecture might help.

Oh, and using CAPTCHA on the front end might be beneficial, too.

Peter

-- 
Peter Saint-Andre
https://stpeter.im/
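
Added example, not part of the original thread: a client-side guard that refuses to put the in-band registration password (XEP-0077) on the wire until the stream is TLS-protected, as the reply above recommends. The function names, the `tls_active` flag (assumed to come from the caller's transport layer) and the sample `<stream:features/>` elements are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS_STREAM = "http://etherx.jabber.org/streams"
NS_TLS = "urn:ietf:params:xml:ns:xmpp-tls"                  # RFC 6120 STARTTLS
NS_REG_FEATURE = "http://jabber.org/features/iq-register"   # XEP-0077 stream feature
NS_REGISTER = "jabber:iq:register"                          # XEP-0077 IQ payload

class InsecureChannel(Exception):
    """Raised instead of sending a password over an unencrypted stream."""

def next_step(features_xml: str, tls_active: bool) -> str:
    """Decide what the client may do after receiving <stream:features/>."""
    features = ET.fromstring(features_xml)
    if features.tag != f"{{{NS_STREAM}}}features":
        raise ValueError("not a stream features element")
    if not tls_active:
        # Never register in the clear, even if the server advertises it.
        if features.find(f"{{{NS_TLS}}}starttls") is not None:
            return "starttls"
        raise InsecureChannel("no STARTTLS offered; refusing to register")
    if features.find(f"{{{NS_REG_FEATURE}}}register") is None:
        return "unsupported"
    return "register"

def build_register_iq(username: str, password: str, features_xml: str,
                      tls_active: bool, iq_id: str = "reg1") -> bytes:
    """Serialize the registration IQ only when the stream is encrypted."""
    step = next_step(features_xml, tls_active)
    if step == "starttls":
        raise InsecureChannel("negotiate TLS before sending credentials")
    if step == "unsupported":
        raise ValueError("server does not advertise in-band registration")
    iq = ET.Element("iq", {"type": "set", "id": iq_id})
    query = ET.SubElement(iq, f"{{{NS_REGISTER}}}query")
    ET.SubElement(query, f"{{{NS_REGISTER}}}username").text = username
    ET.SubElement(query, f"{{{NS_REGISTER}}}password").text = password
    return ET.tostring(iq)  # ElementTree escapes <, > and & in the text

# Constructed sample features: before TLS, after TLS, and a server with no TLS.
PRE_TLS = (f'<stream:features xmlns:stream="{NS_STREAM}">'
           f'<starttls xmlns="{NS_TLS}"/><register xmlns="{NS_REG_FEATURE}"/>'
           '</stream:features>')
POST_TLS = (f'<stream:features xmlns:stream="{NS_STREAM}">'
            f'<register xmlns="{NS_REG_FEATURE}"/></stream:features>')
NO_TLS = (f'<stream:features xmlns:stream="{NS_STREAM}">'
          f'<register xmlns="{NS_REG_FEATURE}"/></stream:features>')
```

TLS only protects the password in transit; the server side still has to hash it before it reaches the `users` table.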



