[[user-comments:evergeen-admin:security:chopchop|User Comments]]

====== jserver-c (chopchop) ======

The main thing to remember about jserver-c ("chopchop") is that it currently has NO authentication.  Any ol' user with a jabber client can essentially take over a mal-configured jserver-c server, and potentially compromise any systems using OpenSRF (IE: Evergreen).

There is good news, however.  There is absolutely no reason for jserver-c to be bound to the network card in a single-server scenario.  jserver-c should be bound to localhost AND ONLY LOCALHOST.

More good news: a proper authentication mechanism for chopchop will be implemented shortly.