powered by Jive Software

External components - What is "shared secret"?

SImple questoin that i can not find the answer too. I went to enable the External components and it wants to know what the shared secret is. Well, what is this? Is it a password that the other person will have to enter to log-on? If an external componet is started by a server itself am i transmitting this password to it? If so it is in plaintext?

My brain can only hold so many passwords. They are damn good ones, but i don’t want to use an important one in this field if it is risky.


Bearcat M. Sandor


It’s a plain text shared password that external components (you can regard them as server daemons) send to an XMPP server to authenticate themselves before being allowed by the server to run services. External components connect to a different port than normal users who uses port 5222/5223, and speaks different protocol.

The password can be seen in the admin console and database, so you might not want to use your darn good password .

Thank you. i know that anything can be exploited, but if i don’t pick a ‘darn good one’ how much of a hole is it?