is it possible to create new users (In-band registration) using anonymous user using Strophe.js like in the example here: http://groups.google.com/group/strophe/browse_thread/thread/a0e15ae226b91a3a?fwc=1 . I managed to register new users with an existing account only (as a normal "not admin" user). Is that a openfire security issue? I connected anonymously using:
connection.connect("server.local", null, onConnect);
The server returns:
<iq xmlns="" type="error" id="reg2" to="[email protected]/7711fc7f">
<query xmlns="jabber:iq:register">
<username>user</username>
<password>abc</password>
</query>
<error code="400" type="modify">
<bad-request xmlns="urn:ietf:params:xml:ns:xmpp-stanzas"/>
</error>
</iq>
If I connect with a registered user it works fine and I can create other users. Would it be unsecure to allow registration from a dedicated user account say [email protected] (with no admin rights) ?