Im trying out Webchat and Fastpath for the first time, and I agree with Alexander on this issue.
Unless I’m mistaken about the implications of allowing anonymous logins to openfire, I belive this could be a security problem. In our environment we use Openfire as our corporate IM server, and have roaming users connecting via random IP addresses, authenticating with Openfire via LDAP/AD. If we want to implement FastPath, it seems that we need to enable Anonymous logins on Openfire, which I assume means that anyone can open an XMPP connection and send messages to any of our users - a big security hole!
We obviously only want Anonymous connections to come into the Fastpath Queues, and only from our webserver IP address. So, there are a few ways this could be achieved, either only allow Anonymous connections from specified IP addresses (authenticated connections from any address), or have the WebChat client login to Openfire using a pre-defined username and password, which would negate the need for anonymous logins at all.
I would say that this setup is a pretty common scenario, so how have others got around this problem?
Edit: Just found another thread about this, and a comment from Dombiak Gaston:
Hey Joseph,
Are you using the webclient to let users/people make their questions?
If you are not using it then there is no need to allow anonymous users.
However, if you are using it then we would need to implement a new
enhancement so that you can specify the list of valid IP address for
anonymous users. Would that work for you?
I am not Joseph, but Dombiak if you are reading this, yes this would work for me!
Ben