Securing the USERSERVICE plugin

We are using the userservice plugin to create users and put them into groups. All this is fine, however we have been advised that the userservice poses a potential security vulnerablity in that it is simply protected with a secret code. Does anyone have any siggestions on adding further security to the use of this plugin? As i understand it creating users programatically directly to the DB is out of the question.

Many thanks,


Hi Phil,

Could you firewall the 9091 port for the openfire console to only allow connections from certain hosts? You are basically right about direct DB access, it is problematic.


Daryl, thanks for replying, I’ll take a look at this with my team.