Skip navigation
2817 Views 2 Replies Latest reply: Jul 23, 2010 7:22 AM by dawgie2009 RSS
dawgie2009 Bronze 15 posts since
Jun 8, 2010
Currently Being Moderated

Jul 21, 2010 6:46 AM

Security vulnerabilities of XMPP

Hi there,

 

I'm using XMPP as a communication layer for machine-to-machine interaction. I'm interested in the security aspects of XMPP and Openfire. Is there anywhere a repository of XMPP and Openfire security vulnerabilities, issues, and countermeasures?

 

A couple of more specific questions:

 

1. Can you configure the server not to deliver messages to anyone who's not in your roster?

2. Can you configure the server not to deliver you message in a rate that exceeds some factor? (server side rate limiter)

 

Thanks!

  • Guus der Kinderen KeyContributor 836 posts since
    Sep 8, 2005
    Currently Being Moderated
    Jul 21, 2010 1:20 PM (in response to dawgie2009)
    Re: Security vulnerabilities of XMPP

    As far as I know, there is no such repository. We have our generic bugtracker of course, and some vulnerabilities are added to public websites that specialize in them, but that's about it.

     

    As for your questions:

    1. No, not to my knowledge. This is behaviour that's different from what's defined by the XMPP specification, as far as I know. It would however be rather simple to write a plugin (based on a packet interceptor) to implement this. Check out the Plugins - perhaps one does exists that implements this functionality!

    2. No, but that's on our to-do list though.

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points