On Thu, Jun 13, 2002 at 11:10:38AM -0500, Ed Giesen wrote: > I have been getting a jabberd working with ssl. During my playing around, I > noticed that when jabberd is invoked with -D, and clients are using ssl, the > debug output still prints out messages, decrypted. > > I was wondering if this situation has been discussed at all. I know that > some information is needed when debugging, even in a secure site, but, is > chat content ever needed?
I'm sure there will be lots of different opinions about this; here's mine (keeping in mind that these are answers to your / my (imaginary) colleagues): - SSL is to protect the data in transit, not on the server itself - it's not just chat messages that go through and need to be debugged it's other traffic too (Jabber isn't just IM" ;-) - production servers shouldn't be run with -D - correspondents have the option of encrypting their messages, independent of whether the conduit itself is encrypted - see jabber:x:encrypted - it's not just the -D log that shows chat messages in 'plain' view; what about messages that are stored in the event of the recipients' absence? (this one's a double-edged sword :-) cheers dj _______________________________________________ jdev mailing list [EMAIL PROTECTED] http://mailman.jabber.org/listinfo/jdev
