Hello,
Are there concerns about the possibility of uploading malicious .jar plugins that allow for RCE as the user hosting the Openfire server? Often times on Windows this being NT Authority\System because the default installation path is in Program Files(x86).
Is this more like Wordpress where the responsibility lies with the administrator protecting their admin accounts with a secure and unique password, firewall rules, non-default installation etc?
Sorry for posting here, couldn’t find a Security related avenue to pose this question.
Thank you