Hi,

On Tue, Oct 2, 2012 at 4:55 PM, Lazar, Alexey Vladimirovich <[email protected]> wrote:
> An old thread, but oh well. I wasn't seeking an excuse to use weak passwords.
> My question, which could have been phrased more specifically, was about the
> potential risk of using weak passwords for ejabberd users. For example, could
> somebody try to exploit a weak password here? How? What's to gain? That type
> of stuff.

Somebody with the Jabber credentials could issue OpenSRF requests and in particular directly access all services, including private ones -- think of things like unconstrained access to query any database table defined in fieldmapper. However, strong passwords are very much just a second line of defense, since for a production setup one shouldn't allow access to the Jabber ports to the outside world anyway.

Regards,

Galen
--
Galen Charlton
Director of Implementation
Equinox Software, Inc. / The Open Source Experts
email: [email protected]
direct: +1 770-709-5581
cell: +1 404-984-4366
skype: gmcharlt
web: http://www.esilibrary.com/
Supporting Koha and Evergreen: http://koha-community.org & http://evergreen-ils.org
