ejabberd - Comments for "SSL"

Checking for encrypted login

totem — Tue, 08 Mar 2005 17:17:54 +0000

When testing a SSL connection you can use tcpdump or ethereal between the client and the ejabberd server. Without SSL you can see the password on the wire. With SSL enabled this disappears. Its the simplest means of giving you the warm and fuzzy feeling that SSL is working :)

totem

It is a debug option

fbv — Thu, 10 Feb 2005 15:47:38 +0000

Someone told me in another thread (don't remember what is. I think it is the one I started) that this is a debug option that was forgot on the code of ejabberd.

It is something like a ( printf("\n(AUTH:%s:%s)\n",$user,$password); ).

It just appear at the server log window when start without -detached option.

As I have understood the password is sent over the network in an encrypted form and the server at the hash time decrypt it. So, I think the problem is solved.

The only thing is to comment this debug line on next version of ejabberd.

That is it.

You can see the username and

mfoss — Wed, 09 Feb 2005 21:03:59 +0000

You can see the username and password on the server logs because the server needs to know the username and password, right?

The important part is that only the client and the server can see the password.

I got a similar problem

fbv — Fri, 04 Feb 2005 19:51:00 +0000

Well, hello folk.

I've got a server running here in my company. It's doing well and I have the SSL transfer working fine. It means that when I log in I see the padlock closed. Secure conection.

But I still have to log in using the *horrible* 'plaintext login' method.

If I have something useful for you just ask. And, if you learn how to do the 'secure' login, please, tell me.

Bye!