[OPEN-ILS-DEV] Ejabberd configuration for OpenSRF

Galen Charlton gmc at esilibrary.com
Wed Oct 3 11:29:06 EDT 2012


Hi,

On Tue, Oct 2, 2012 at 4:55 PM, Lazar, Alexey Vladimirovich
<alexey.lazar at mnsu.edu> wrote:
> An old thread, but oh well. I wasn't seeking an excuse to use weak passwords. My question, which could have been phrased more specifically, was about the potential risk of using weak passwords for ejabberd users. For example, could somebody try to exploit a weak password here? How? What's to gain? That type of stuff.

Somebody with the Jabber credentials could issue OpenSRF requests and
in particular directly access all services, including private ones --
think of things like unconstrained access to query any database table
defined in fieldmapper.  However, strong passwords are very much just
a second line of defense, since for a production setup one shouldn't
allow access to the Jabber ports to the outside world anyway.

Regards,

Galen
-- 
Galen Charlton
Director of Implementation
Equinox Software, Inc. / The Open Source Experts
email:  gmc at esilibrary.com
direct: +1 770-709-5581
cell:   +1 404-984-4366
skype:  gmcharlt
web:    http://www.esilibrary.com/
Supporting Koha and Evergreen: http://koha-community.org &
http://evergreen-ils.org
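
The point above about not exposing the Jabber ports can be checked on the ejabberd host. The following is an added example, not part of the original message or of OpenSRF or ejabberd: it scans `ss -ltn` output for Jabber listeners bound to anything other than loopback. The port numbers 5222 and 5269 are the standard XMPP client and server-to-server ports and are assumed here; the sample output is constructed.

```python
import ipaddress

# Standard XMPP client-to-server and server-to-server ports (assumption:
# adjust to whatever your own ejabberd listen configuration uses).
JABBER_PORTS = {5222, 5269}

# Constructed sample of `ss -ltn` output, not taken from a real host.
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:5222       0.0.0.0:*
LISTEN 0      128    127.0.0.1:5269     0.0.0.0:*
LISTEN 0      128    [::]:5269          [::]:*
LISTEN 0      128    10.0.0.5:5222      0.0.0.0:*
LISTEN 0      128    127.0.0.1:5432     0.0.0.0:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
"""


def is_loopback_only(host):
    """True only if the bind address is a loopback address."""
    host = host.strip("[]").split("%", 1)[0]  # drop IPv6 brackets / scope id
    if host == "*":
        return False  # wildcard bind: every interface
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # unparseable address: treat as exposed


def exposed_jabber_listeners(ss_output, ports=JABBER_PORTS):
    """Return (bind_address, port) for Jabber listeners not limited to loopback.

    A non-loopback bind (including a private address such as 10.0.0.5) is
    reachable from other hosts, so it must be covered by a firewall rule.
    """
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # header or non-listening socket
        host, _, port = fields[3].rpartition(":")
        if not port.isdigit() or int(port) not in ports:
            continue
        if not is_loopback_only(host):
            findings.append((host, int(port)))
    return findings


if __name__ == "__main__":
    for host, port in exposed_jabber_listeners(SAMPLE_SS):
        print(f"review firewall rules: Jabber port {port} bound to {host}")
```

On a live host, pass the real output of `ss -ltn` to `exposed_jabber_listeners` instead of the sample.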

