[Operators] Suspicion of Jabbim services being hacked
istvanbetuker at gmail.com
Sat Jan 10 13:46:08 UTC 2015
Hi, please remove my e-mail from the mailing list. It was a mistake for I
On Dec 29, 2014 6:41 PM, "Mathias Ertl" <mati at fsinf.at> wrote:
> On 12/19/2014 08:36 PM, Mathieu Pasquet wrote:
> > Do we have any statistics (e.g. on jabber.org) about what proportion of
> > clients do not support any other mechanisms than PLAIN and DIGEST-MD5?
> > (though yes, PLAIN works well with hashed passwords, but should still be
> > avoided whenever possible)
> > That would be enlightening.
> ejabberd supports an option "disable_sasl_mechanisms" in 14.12. We used
> it to disable digest-md5 to mimics a switch to SCRAM-SHA1 before we made
> the actual switch.
> We have received a single report of a user not being able to connect,
> but he didn't reply after us asking what client he used. We have seen no
> observable drop in service usage.
> greetings, Mati
> twitter: @mathiasertl | xing: Mathias Ertl | email: mati at er.tl
> I only read plain-text mail! I prefer signed/encrypted mail!
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Operators