Plaintext authentication method
The plaintext authentication method works as you would expect and is the default lowest common denominator method supplied with the Jabber server. It is provided by the mod_auth_plain module.
- Method
The password is transmitted in the XML stream, inside the <password/> tag in the jabber:iq:auth IQ-set packet, from the client to the server in plaintext, where it is compared to the password stored, also in plaintext, on the server. When a password is changed, using a jabber:iq:register IQ-set as described earlier in this chapter, mod_auth_plain stores the password, as received, in the user’s spool file.
- Advantages
This method is by far the simplest to implement on the client side. It is also useful for debugging and testing purposes as it can be used in a connection “by hand” via telnet, not requiring any extra computation such as the digest and zero-knowledge methods do.
- Disadvantages
It’s insecure, on two levels. First, the password is transmitted in plaintext across the wire from client to server. The risk can be minimized by encrypting the whole connection using SSL. Second, the password is stored in plaintext on the server, which may be compromised.
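To make the method and its first disadvantage concrete, here is an added example (not code from the book or from the jabberd project) that builds the jabber:iq:auth IQ-set a client sends, parses it the way a server must, and compares the submitted password against a plaintext store standing in for the user's spool file. The sample packet, the user name alice, the password and the in-memory SPOOL dictionary are all constructed for the example; the 401 error reply mirrors the legacy jabber:iq:auth error form. Note that the packet text itself is exactly what an observer of an unencrypted stream sees, which is why the text above recommends wrapping the connection in SSL.

```python
import hmac
import xml.etree.ElementTree as ET

NS = "{jabber:iq:auth}"

# Constructed sample: the IQ-set a client sends for the plaintext method.
# The <password/> element carries the secret verbatim on the wire.
CLIENT_AUTH_SET = """<iq type="set" id="auth1">
  <query xmlns="jabber:iq:auth">
    <username>alice</username>
    <password>s3cret</password>
    <resource>laptop</resource>
  </query>
</iq>"""

# Constructed stand-in for the per-user spool file: mod_auth_plain keeps the
# password as received, i.e. in plaintext, which is the second risk named above.
SPOOL = {"alice": "s3cret"}


def parse_auth_set(xml_text):
    """Return (iq id, username, password, resource) from a jabber:iq:auth IQ-set."""
    root = ET.fromstring(xml_text)
    if root.tag != "iq" or root.get("type") != "set":
        raise ValueError("not an IQ-set packet")
    query = root.find(NS + "query")
    if query is None:
        raise ValueError("no jabber:iq:auth query element")

    def child_text(name):
        el = query.find(NS + name)
        return el.text if el is not None else None

    return root.get("id"), child_text("username"), child_text("password"), child_text("resource")


def check_plain(username, password, spool=SPOOL):
    """Server-side comparison of the submitted password with the stored one.

    hmac.compare_digest keeps the comparison constant-time so that the check
    itself does not leak how many leading characters matched.
    """
    stored = spool.get(username)
    if stored is None or password is None:
        return False
    return hmac.compare_digest(stored.encode("utf-8"), password.encode("utf-8"))


def handle_auth_set(xml_text, spool=SPOOL):
    """Produce the server's reply to a plaintext IQ-set: result on success, 401 error otherwise."""
    iq_id, username, password, _resource = parse_auth_set(xml_text)
    if check_plain(username, password, spool):
        return f'<iq type="result" id="{iq_id}"/>'
    return f'<iq type="error" id="{iq_id}"><error code="401">Unauthorized</error></iq>'


if __name__ == "__main__":
    print("client -> server:", CLIENT_AUTH_SET)
    print("server -> client:", handle_auth_set(CLIENT_AUTH_SET))
    print("wrong password  :", handle_auth_set(CLIENT_AUTH_SET.replace("s3cret", "nope")))
```

Running the script prints the client packet and the two possible server replies; because the plaintext method has no computation on the client side, the same packet can be typed into a telnet session by hand, exactly as the Advantages section describes.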