I'm using XMPP as a communication layer for machine-to-machine interaction. I'm interested in the security aspects of XMPP and Openfire. Is there anywhere a repository of XMPP and Openfire security vulnerabilities, issues, and countermeasures?
A couple of more specific questions:
Can you configure the server not to deliver messages to anyone who's not in your roster?
Can you configure the server not to deliver you message in a rate that exceeds some factor? (server side rate limiter)