Messaging security


I’d like to ask if it is safe to deploy an openfire server on the internet.

I need the messages to be delivered in a confidential / safe way.

right now we have the server running in the intranet

thanks for reply

Like with every software it is more dangerous to put it on the Internet. You can acquire an SSL certificate and use it with Openfire to encrypt messages for some security level. But Openfire might has known vulnerabilities or new can be discovered later. As this project is not very active it can take long for such vulnerabilities to be fixed and your server will be exposed to exploits. Usually it’s some XSS vulnerability in the Admin Console code.