Matt RaibleMatt Raible is a Web Developer and Java Champion. Connect with him on LinkedIn.

The Angular Mini-Book The Angular Mini-Book is a guide to getting started with Angular. You'll learn how to develop a bare-bones application, test it, and deploy it. Then you'll move on to adding Bootstrap, Angular Material, continuous integration, and authentication.

Spring Boot is a popular framework for building REST APIs. You'll learn how to integrate Angular with Spring Boot and use security best practices like HTTPS and a content security policy.

For book updates, follow @angular_book on Twitter.

The JHipster Mini-Book The JHipster Mini-Book is a guide to getting started with hip technologies today: Angular, Bootstrap, and Spring Boot. All of these frameworks are wrapped up in an easy-to-use project called JHipster.

This book shows you how to build an app with JHipster, and guides you through the plethora of tools, techniques and options you can use. Furthermore, it explains the UI and API building blocks so you understand the underpinnings of your great application.

For book updates, follow @jhipster-book on Twitter.

10+ YEARS


Over 10 years ago, I wrote my first blog post. Since then, I've authored books, had kids, traveled the world, found Trish and blogged about it all.

RECENT ENTRIES


Tag Cloud


abbie appfuse birthday denver family grails gwt jack java javascript jsf linkedin maven montana roller skiing softwaresummit spring springmvc struts2 travel trish vacation webframeworks wicket
« I dig the redesign..... | Main | Formatting Comments... »
Friday May 09, 2003

How to control access with Jabber?

So know that I've got a password-embedding scheme worked out for e-mail and moblogger, I have to figure out a way to do something similar with Jabber. Currently, in what I have working, there is no password verification, but it is needed. It's necessary to prevent just any-old-Joe from posting to your weblog. Of course, they'd have to know the username for your blog IM user (this listens for new posts), but it probably wouldn't be hard to figure out. My first thought is to have the password as the first part of the message, and then the message after that. For instance: 

mypassword / Here is the rest of my post

I'd suggest doing this in the subject, but the problem with this is that you can send an IM without a subject, and I still want posts to succeed even if there's no subject (a.k.a. title). So whaddya think - would you be willing to type "password / rest of your IM" everytime to wanted to post to your weblog via IM?

BTW, the new server seems to be holding up quite nicely, eh?

Posted in Java at May 09 2003, 06:37:11 AM MDT 4 Comments
Comments:

Instead of using a password in your IM posting (which feels a little awkward, IMHO), you could always limit posting access by jabber id. As long as the jabber server isn't compromised, an ID coming from [email protected] should be (at least from what I've read) foo on the jabber.com server. I'm sure that spoofing, if even known to be possible, is non-trivial. If you set up [email protected] as an address that you can post from, you'd be able to post from home or work, since you could have [email protected]/Home and [email protected]/Work, etc. I've read up a lot about Jabber, but I'm no expert. However this seems just as secure as a plaintext password in a subject email or a plaintext password in an IM conversation. Of course none of these is really secure, but usually secure enough for our purposes. :)

Posted by Matt Croydon on May 09, 2003 at 07:25 AM MDT #

Ack, sorry about the ugly comment. Next time I'll make use of the p tag.

Posted by Matt Croydon on May 09, 2003 at 07:27 AM MDT #

That's probably the best idea - thanks Matt!

Posted by Matt Raible on May 09, 2003 at 08:19 AM MDT #

Mark did this for blojsim via a valid-posters list as well. Basically, the list specified who is allowed to "converse" with (aka post to) your blog.

Posted by David Czarnecki on May 09, 2003 at 09:39 AM MDT #

Post a Comment:
  • HTML Syntax: Allowed