Hello, is there any way to restrict user creation on my XMPP server (Openfire) to just the client that I am developing? Also, is there any effective way to restrict connections to just my client?
I read about the Client Control plugin, but it's not effective because it uses the resource name.
I really need to restrict the connection and the user creation just for my app.
One possible way would be to somehow remove the capability, on the app user's side, to manually set the password to a value known to the user. Essentially, you would connect users through some kind of token. On the other hand, this could pose some other security issues: how to store the password in your app, etc.
@gustavo for the same purposes I will use the pattern described in "An adapter-like pattern and code for the creation of XMPP users in an OpenFire server" (CodeProject), enhanced with some special password handling. This is a PHP script restricting access to selected operations of the REST API. In the script, users are sent the real password (this is not a best practice security-wise; it could be replaced with a one-time URL).
In order to restrict users to accessing your server only through your app, you should not allow the app’s users to set the actual XMPP password; instead, you should use some kind of “salted” version of the user-entered “password”.
You could modify the PHP in the article so that, instead of sending the real password, it sends a hash of it. In your application you should use the same (secret) hash function in order to decode the actual password.
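An added example, not part of the post above or of the CodeProject article: one way to derive the stored XMPP password from what the user types, sketched in Python rather than the article's PHP. The secret value, the function names and the payload field names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac

# Constructed placeholder; a real deployment generates its own random secret.
APP_SECRET = b"constructed-demo-secret-not-for-production"
ITERATIONS = 200_000


def derive_xmpp_password(username: str, typed_password: str,
                         app_secret: bytes = APP_SECRET) -> str:
    """Map what the user typed to the password actually stored in Openfire."""
    # Assumption: usernames are compared case-insensitively, so normalise first.
    user = username.strip().lower().encode("utf-8")
    # Bind the salt to the account so equal typed passwords yield
    # different XMPP passwords for different users.
    salt = hmac.new(app_secret, user, hashlib.sha256).digest()
    raw = hashlib.pbkdf2_hmac("sha256", typed_password.encode("utf-8"),
                              salt, ITERATIONS)
    # URL-safe text form, padding stripped: 32 bytes become 43 characters.
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def provision_account(username: str, typed_password: str) -> dict:
    """Registration side: the payload a user-creation script would submit.
    Field names are illustrative."""
    return {"username": username.strip().lower(),
            "password": derive_xmpp_password(username, typed_password)}


def client_login_credentials(username: str, typed_password: str) -> tuple:
    """App side: the same derivation, run just before the XMPP login."""
    return (username.strip().lower(),
            derive_xmpp_password(username, typed_password))


if __name__ == "__main__":
    account = provision_account("Alice", "correct horse")
    user, secret = client_login_credentials("alice", "correct horse")
    # The app's derived password matches what was provisioned ...
    print("app login matches:", hmac.compare_digest(secret, account["password"]))
    # ... while a client that sends the typed password verbatim does not.
    print("typed password matches:",
          hmac.compare_digest("correct horse", account["password"]))
```

Any secret shipped inside a distributed client can be extracted from it, so this derivation raises the effort needed to log in with a third-party client rather than authenticating the app itself.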