How to force Tigase to accept only "well-formed xml" streams
I am following a few general guidelines for server hardening. In order to check the behavior of port 5222, I tried telnet 10.1.1.10 5222 (10.1.1.10 is my Tigase server).
The Telnet session was accepted (no problem so far). Then I entered some random text and the text was echoed in the Telnet session; even when I copied and pasted some text from MS Word, the Telnet session was still open.
Do you know how I can force Tigase to accept only "well-formed XML" streams?
Below are my plugins in the init.properties file:
--sm-plugins = +message-archive-xep-0136,+jabber:iq:auth,+urn:ietf:params:xml:ns:xmpp-sasl,+urn:ietf:params:xml:ns:xmpp-bind,+urn:ietf:params:xml:ns:xmpp-session,-jabber:iq:register,+jabber:iq:roster,+presence,+jabber:iq:privacy,+jabber:iq:version,+http://jabber.org/protocol/stats,+starttls,+amp,-msgoffline,+vcard-temp,+http://jabber.org/protocol/commands,+jabber:iq:private,+urn:xmpp:ping,+basic-filter,+domain-filter,+pep,-zlib,+jabber:iq:last
--amp-security-level = NONE
--comp-class-6 = tigase.archive.MessageArchiveComponent
--comp-class-5 = tigase.http.rest.RestMessageReceiver
--comp-class-4 = tigase.stun.StunComponent
--comp-class-3 = tigase.socks5.Socks5ProxyComponent
--comp-class-2 = tigase.pubsub.PubSubComponent
--comp-class-1 = tigase.muc.MUCComponent
--comp-name-6 = message-archive
--comp-name-5 = rest
--comp-name-4 = stun
--comp-name-3 = proxy
--comp-name-2 = pubsub
--comp-name-1 = muc
Added by Artur Hefczyc about 4 years ago
You would need to replace the existing XML parser with a different parser which does not accept anything except well-formed XML. Right now Tigase accepts everything on the XMPP port and you cannot change it for two reasons:
Whitespace ping is a common way for clients to keep the TCP/IP connection alive and prevent disconnections of an idle connection. It is not specified what this whitespace character is, so we cannot limit it to a space character only.
So for performance reasons, Tigase accepts anything which comes into the port but simply ignores everything which is not well-formed XML data. Therefore, overhead and resource consumption is minimal if a broken or malicious client connects and sends us garbage.
Of course there are a number of other mechanisms which further reduce the impact on the server caused by such malicious or broken connections, like an authentication timeout, so any XMPP stream opened must be authenticated within a certain time; a transmission quota for each connection; and specific conditions on XML data which, even if theoretically well-formed, may still cause excessive resource consumption, like extremely long element names, large CData, etc.
So in my opinion allowing only well-formed XML data would not necessarily harden the installation.
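The answer above describes a connection-handling policy rather than a parser setting: whitespace is tolerated as a keepalive, non-XML bytes are ignored rather than rejected, and the real protection comes from an authentication timeout, a per-connection transmission quota and limits on pathological but well-formed XML. The following Python model, added here as an illustration and not code from Tigase or the original thread, shows that policy applied per input chunk. All limits (MAX_ELEMENT_NAME, MAX_TEXT_BYTES, AUTH_TIMEOUT_SECONDS, UNAUTH_BYTE_QUOTA) and the sample inputs are constructed for the example; the "auth" stanza marking a connection as authenticated stands in for a completed SASL exchange. A real server parses incrementally, so this per-chunk classifier is a simplification.

```python
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field

# Hypothetical limits for the example; they are not Tigase configuration keys.
MAX_ELEMENT_NAME = 256          # longest element name we will accept
MAX_TEXT_BYTES = 64 * 1024      # largest text/CData node we will accept
AUTH_TIMEOUT_SECONDS = 30       # a stream must authenticate within this time
UNAUTH_BYTE_QUOTA = 16 * 1024   # bytes an unauthenticated stream may send


def classify_chunk(chunk: bytes) -> str:
    """Classify one received chunk as 'whitespace', 'stanza' or 'garbage'.

    Whitespace-only input is a keepalive ping and is always tolerated.
    Anything that is not a complete, well-formed XML element is treated as
    garbage: it is ignored rather than rejected, mirroring the behaviour
    described in the answer.
    """
    if not chunk.strip():
        return "whitespace"
    try:
        text = chunk.decode("utf-8")
    except UnicodeDecodeError:
        return "garbage"
    try:
        ET.fromstring(text)
    except ET.ParseError:
        return "garbage"
    return "stanza"


def oversized(elem: ET.Element) -> bool:
    """True if any element name or text node exceeds the hypothetical limits.

    This is the 'well-formed but still abusive' case from the answer:
    the XML parses fine but would cost disproportionate resources.
    """
    for e in elem.iter():
        if len(e.tag) > MAX_ELEMENT_NAME:
            return True
        if e.text and len(e.text.encode("utf-8")) > MAX_TEXT_BYTES:
            return True
    return False


@dataclass
class Connection:
    """Per-connection state for one XMPP client socket (simplified)."""
    opened_at: float
    authenticated: bool = False
    unauth_bytes: int = 0
    garbage_bytes: int = 0
    closed: bool = False
    close_reason: str = ""
    accepted: list = field(default_factory=list)

    def _close(self, reason: str) -> None:
        self.closed = True
        self.close_reason = reason

    def feed(self, chunk: bytes, now: float) -> str:
        """Apply the policy to one chunk; returns the chunk's disposition."""
        if self.closed:
            return "closed"
        # Authentication timeout: unauthenticated streams do not live forever.
        if not self.authenticated and now - self.opened_at > AUTH_TIMEOUT_SECONDS:
            self._close("auth-timeout")
            return "closed"
        kind = classify_chunk(chunk)
        if kind == "whitespace":
            return kind  # keepalive: costs nothing and is never counted
        # Transmission quota: garbage and stanzas alike count against it
        # until the client authenticates.
        if not self.authenticated:
            self.unauth_bytes += len(chunk)
            if self.unauth_bytes > UNAUTH_BYTE_QUOTA:
                self._close("quota")
                return "closed"
        if kind == "garbage":
            self.garbage_bytes += len(chunk)  # ignored, only accounted for
            return kind
        elem = ET.fromstring(chunk.decode("utf-8"))
        if oversized(elem):
            self._close("oversized")
            return "closed"
        self.accepted.append(elem.tag)
        # Stand-in for a successful SASL exchange (the real check is stateful).
        if elem.tag.endswith("}auth"):
            self.authenticated = True
        return "stanza"
```

Feeding the connection the same kind of input as the telnet test in the question (free text, then a pasted paragraph) shows the disposition the answer describes: the bytes are classified as garbage and counted, the socket stays open, and it is the quota or the authentication timeout that eventually closes it, not the parser.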