2 Replies Latest reply on Jul 23, 2010 7:22 AM by dawgie2009

    Security vulnerabilities of XMPP

      Hi there,


      I'm using XMPP as a communication layer for machine-to-machine interaction. I'm interested in the security aspects of XMPP and Openfire. Is there a repository anywhere of XMPP and Openfire security vulnerabilities, issues, and countermeasures?


      A couple of more specific questions:


      1. Can you configure the server not to deliver messages to anyone who's not in your roster?

      2. Can you configure the server not to deliver you messages at a rate that exceeds some factor? (server-side rate limiter)



        • Re: Security vulnerabilities of XMPP
          Guus der Kinderen

          As far as I know, there is no such repository. We have our generic bugtracker of course, and some vulnerabilities are added to public websites that specialize in them, but that's about it.


          As for your questions:

          1. No, not to my knowledge. This is behaviour that's different from what's defined by the XMPP specification, as far as I know. It would however be rather simple to write a plugin (based on a packet interceptor) to implement this. Check out the Plugins - perhaps one does exist that implements this functionality!

          2. No, but that's on our to-do list though.

          1 of 1 people found this helpful
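
A sketch of the packet-interceptor plugin suggested in the reply above, added here as an illustration; it is not code from the thread or from the Openfire project. The class name `RosterOnlyMessagesPlugin` and the rejection text are hypothetical, and the code assumes the Openfire plugin API (`Plugin`, `PacketInterceptor`, `InterceptorManager`, `RosterManager`).

```java
import java.io.File;
import org.jivesoftware.openfire.XMPPServer;
import org.jivesoftware.openfire.container.Plugin;
import org.jivesoftware.openfire.container.PluginManager;
import org.jivesoftware.openfire.interceptor.InterceptorManager;
import org.jivesoftware.openfire.interceptor.PacketInterceptor;
import org.jivesoftware.openfire.interceptor.PacketRejectedException;
import org.jivesoftware.openfire.session.Session;
import org.jivesoftware.openfire.user.UserNotFoundException;
import org.xmpp.packet.JID;
import org.xmpp.packet.Message;
import org.xmpp.packet.Packet;

// Hypothetical plugin class; rejects messages whose sender is not on the recipient's roster.
public class RosterOnlyMessagesPlugin implements Plugin, PacketInterceptor {
    public void initializePlugin(PluginManager manager, File pluginDirectory) {
        InterceptorManager.getInstance().addInterceptor(this);
    }

    public void destroyPlugin() {
        InterceptorManager.getInstance().removeInterceptor(this);
    }

    public void interceptPacket(Packet packet, Session session, boolean incoming,
                                boolean processed) throws PacketRejectedException {
        // Interceptors fire before and after processing, inbound and outbound;
        // act once, when the stanza is read and before it is routed.
        if (!incoming || processed || !(packet instanceof Message)) {
            return;
        }
        JID from = packet.getFrom();
        JID to = packet.getTo();
        XMPPServer server = XMPPServer.getInstance();
        // Skip stanzas without a local user as recipient.
        if (from == null || to == null || to.getNode() == null || !server.isLocal(to)) {
            return;
        }
        // Skip senders without a node (server, components) and messages to oneself.
        if (from.getNode() == null || from.toBareJID().equals(to.toBareJID())) {
            return;
        }
        try {
            if (!server.getRosterManager().getRoster(to.getNode()).isRosterItem(from)) {
                throw new PacketRejectedException("Sender is not in recipient's roster");
            }
        } catch (UserNotFoundException e) {
            // Recipient account does not exist: let normal routing report the error.
        }
    }
}
```

As written, the filter also rejects messages relayed by multi-user chat rooms, since a room JID has a node and is normally not on the recipient's roster; a deployment that uses MUC would need an allow-list for its conference service. The check treats any roster item as sufficient, regardless of subscription state.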