Securing the USERSERVICE plugin

phil12 · December 13, 2011, 1:28pm

We are using the userservice plugin to create users and put them into groups. All this is fine, however we have been advised that the userservice poses a potential security vulnerablity in that it is simply protected with a secret code. Does anyone have any siggestions on adding further security to the use of this plugin? As i understand it creating users programatically directly to the DB is out of the question.

Many thanks,

Phil

akrherz · December 13, 2011, 3:24pm

Hi Phil,

Could you firewall the 9091 port for the openfire console to only allow connections from certain hosts? You are basically right about direct DB access, it is problematic.

daryl

phil12 · December 13, 2011, 3:29pm

Daryl, thanks for replying, I’ll take a look at this with my team.