cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
735
Views
0
Helpful
2
Replies

Password ciphering available in CAXL?

Hi there,

I am currently working with the CAXL library to integrate IM&P into a Web Portal.  I am looking to get around having to exposing the user's plain text password in the browser when performing client.connect(username, password), and I saw mentioned in a question regarding the Jabber SDK the use of a password cipher when using "cwic".  However I've not seen anything similar mentioned for just using CAXL's "client" by itself.

Does anyone know if this something that is available in CAXL?  Or will this have to be a custom solution on our part?

Many thanks for any help,

Duncan

2 REPLIES 2
npetrele
Cisco Employee

Hi Duncan,

Could you clarify your concern here?  If you're using a secure connection (HTTPS), the password won't go over the wire in plaintext.  Or are you concerned that some other browser app (like another page or a plugin) would be able to see the password? 

Hi Nicholas,

Firstly, thanks so much for your speedy reply!  My concern is the latter actually, having to expose the password to the browser.  I know that this would have limited damaging effects should someone choose to try to abuse this, but it's still a big concern for me.

My initial thought if there was nothing out of the box that CUCM IMP provided was to have a two-way shared secret between the portal server and a proxy server sitting IN FRONT OF the BOSH server.  The portal server would hash the password and expose it to the browser.  The browser would talk to the proxy server rather than the BOSH server directly, and the proxy server would decode the password in the Authentication XMPP call before passing it on to the real BOSH server.  It'd be a little fiddly to implement but not too difficult...

Thanks,

Duncan

Create
Recognize Your Peers
Content for Community-Ad