[Kolab-devel] XMPP integration in Kolab web client

Mihai Badici mihai at badici.ro
Thu Jan 30 18:18:05 CET 2014


The point was IMHO credentials should be transmitted via post method, not
get. It is true this situation occure only when something go wrong.
 Pe 30.01.2014 18:36, "Thomas Brüderli" <bruederli at kolabsys.com> a scris:

> Mihai Badici wrote:
> > If I set  old_style_prebind =  true I have the chance to see my password
> in my
> > browser's navigation bar like:
> >
> > http://mail.example.com/?jid=eee&password=eee
>
> I'm wondering how you got this. With pre-binding active, the password is
> never sent to the client. Looks like you submitted the login form in the
> client which means that pre-binding didn't work.
> >
> > This is also logged in apache's log and, as a bonus, openfire don't work
> with
> > this option.
>
> So obviously 'converse_xmpp_old_style_prebind' + openfire is the root
> cause here. As previously mentioned, the old_style code only supports
> PLAIN authentication which might be rejected by openfire.
>
> But thanks a lot for sharing your findings with us.
>
> Kind regards,
> Thomas
>
>
>
> _______________________________________________
> devel mailing list
> devel at lists.kolab.org
> https://lists.kolab.org/mailman/listinfo/devel
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kolab.org/pipermail/devel/attachments/20140130/31157e94/attachment.html>


More information about the devel mailing list