[Operators] Suspicion of Jabbim services being hacked
mati at fsinf.at
Mon Dec 29 16:38:59 UTC 2014
On 12/19/2014 08:36 PM, Mathieu Pasquet wrote:
> Do we have any statistics (e.g. on jabber.org) about what proportion of
> clients do not support any other mechanisms than PLAIN and DIGEST-MD5?
> (though yes, PLAIN works well with hashed passwords, but should still be
> avoided whenever possible)
> That would be enlightening.
ejabberd supports an option "disable_sasl_mechanisms" in 14.12. We used
it to disable digest-md5 to mimic a switch to SCRAM-SHA1 before we made
the actual switch.
We have received a single report of a user not being able to connect,
but he didn't reply after us asking what client he used. We have seen no
observable drop in service usage.
twitter: @mathiasertl | xing: Mathias Ertl | email: mati at er.tl
I only read plain-text mail! I prefer signed/encrypted mail!