В сообщении от Среда 27 Октябрь 2004 11:48 Alex Kogan написал(a): > Hi everyone, > > I'm new to this mailing list. And I have a question to all Jabber > developers concerning security issues. I'm working on a Jabber-like > protocol for one-to-many chatting, it will be simpler and used for > local needs mostly. I'm writing a server in PHP and would like to > find the best way to protect communication in this protocol from > sniffing. Is this possible? I was reading through the Jabber RFC and > seems that I should look deeper into the TSL and SASL issues. TLS provides extra crypto-layer so all data passed forth and back will be protected - just like if you working via SSH, for example. > However, I was not able to get the idea of how these security issues > work in practice. Can you help me giving a practical advice on > implementing client-server communication which is somehow encrypted > and still be possible to read for server/client and > sniffing-protected at the same time? I also had a look into > class.jabber.php and its SendAuth() method, but again, I failed to > get the idea of md5() encoding. Is the whole conversation encoded > further? Old auth uses md5 method for authentication. The password is not decodeable - the provided info is just enough only for auth. > > Thank you. Hoping you can help me, at least show the right direction > for me. You should really consider using TLS.
And, BTW - why not use jabber for it? It have support for one-to-many chat. It have name Multi-User-Chat (JEP-0045) -- Respectfully Alexey Nezhdanov _______________________________________________ jdev mailing list [EMAIL PROTECTED] http://mail.jabber.org/mailman/listinfo/jdev
