I was concerned about anonymous users from the internet using our spark server if I leave anonymous users selected. I know that webchat requires it to run the way it does… But I am concerned about some kid on the outside seeing what ports I have opened up on my firewall and then connecting to our server and sending garbage to our employees… I don’t care if they try to do it from the web site per se but if they access it directly via the port they are already up to no good anyway… We have 6 remote locations and a handful of traveling people that log in to our server so locking it down by IP address is out of the question.
Oh, I see now what you mean and I agree. Currently there is no way to limit IP addresses that anonymous users could use and leave the rest open for not-anonymous users. If someone is willing to contribute that improvement we would gladly include it and also guide in the development of that feature.
Is an anonymous user anything that’s getting exploited yet?
I never heard of that happening before. In fact, I don’t know of any XMPP client that supports anonymous users. However, we do support it in our Smack library. That means that technically someone may exploit this vulnerability.
Am I correct to assume that there will be a sparkweb plugin in the future?
Sparkweb plugin for Fastpath? We do not have plans for that but you are not the first one asking for that. Maybe someone will contribute that work.
P.S. I love the openfire/wildfire/spark project, you guys rock!
Right, what are you all worried about? I dare any of you to try and exploit the anonymous user functionality. I bet you can’t. It is not as unsecure as it sounds.
Rob, if there are no Jabber clients with anonymous login functionality, it does not mean that somebody can’t create one.
I see no way to hack the system using anonymous logins, but I see a lot of possibilities for spammers. So the best way to protect myself from rats is to block all ratholes and open ways.
Anyway, in a few days a patch will be published, so I do not see any subject of dispute.
I am a Debian user, but I don’t mind waiting a while if the patch will be incorporated into Openfire eventually, as there will be a delay before we actually go live with the Fastpath/Webchat system anyway.