User Tools

Site Tools


evergreen-admin:security:chopchop

User Comments

jserver-c (chopchop)

The main thing to remember about jserver-c ("chopchop") is that it currently has NO authentication. Any ol' user with a jabber client can essentially take over a mal-configured jserver-c server, and potentially compromise any systems using OpenSRF (IE: Evergreen).

There is good news, however. There is absolutely no reason for jserver-c to be bound to the network card in a single-server scenario. jserver-c should be bound to localhost AND ONLY LOCALHOST.

More good news: a proper authentication mechanism for chopchop will be implemented shortly.

evergreen-admin/security/chopchop.txt · Last modified: 2022/02/10 13:34 by 127.0.0.1

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki

© 2008-2022 GPLS and others. Evergreen is open source software, freely licensed under GNU GPLv2 or later.
The Evergreen Project is a U.S. 501(c)3 non-profit organization.