User Tools

Site Tools


evergreen-admin:security:chopchop

User Comments

jserver-c (chopchop)

The main thing to remember about jserver-c ("chopchop") is that it currently has NO authentication. Any ol' user with a jabber client can essentially take over a mal-configured jserver-c server, and potentially compromise any systems using OpenSRF (IE: Evergreen).

There is good news, however. There is absolutely no reason for jserver-c to be bound to the network card in a single-server scenario. jserver-c should be bound to localhost AND ONLY LOCALHOST.

More good news: a proper authentication mechanism for chopchop will be implemented shortly.

evergreen-admin/security/chopchop.txt · Last modified: 2006/01/08 06:06 (external edit)

© 2008-2017 GPLS and others. Evergreen is open source software, freely licensed under GNU GPLv2 or later.
The Evergreen Project is a member of Software Freedom Conservancy.