[Members] Jabber Software Map

Ulrich Staudinger us at activestocks.de
Fri Dec 2 14:48:35 CST 2005


Hi :-)


Richard Dobson schrieb:

> There are also other security issues you dont seem to have considered 
> such as revealing your jabber password to the web server, if the web 
> server were compromised even if it was validating passwords without 
> direct access to the db the passwords can still be exposed because 
> when someone logs in via the website and the website gets a response 
> saying the password is valid then a hacker could introduce code to log 
> down all the valid passwords, so saying this is secure is not really 
> very true.
>
Well, i agree with you that it is secure is not really very true. But i 
think it's much more secure than any jabber server at all right now. Or 
can't simply every machine on the whole internet right now try to login 
at any server in the web and doesn't it get back true or false ?

> Lets just either do as I suggested and have Jabber Software Map having 
> its own user database that people have to register for, or go for the 
> longer term option of a more secure jabber based solution where the 
> passwords arnt being compromised.

Ok, i am really interested. What do you propose as a more secure jabber 
based solution ? Tia


Thanks,
Best Regards,
Ulrich
-------------- next part --------------
A non-text attachment was scrubbed...
Name: us.vcf
Type: text/x-vcard
Size: 329 bytes
Desc: not available
Url : http://mail.jabber.org/pipermail/members/attachments/20051202/d773be39/us.vcf


More information about the Members mailing list