I wonder if it’s possible. I don’t want my users to use the server outside of my webapplication. Like… they may even know which port Openfire is running on, but there should be no way for them to get in. This would mess things up big time, because i use the stream connections for more than just chatting.
Ideas i had:
Only allow connections from localhost - but that would need a gateway to the outside, don’t it?
Only allow a specific Client version - okay, if there’s no way to fake it. Could work…
Disable the client account when he is logged out from the webinterface - Could work, too…
I don’t know much about Openfire yet and what security options exist. What can i do to tie users to my webapplication?
Thanks in advance.
PS: I am sorry if this has been covered on these forums, but i didnt know what else (words) to look for.