I developed chat application for mobile platform which uses eJabberd xmpp chat server configured in my public Ubuntu machine.
To make the server connection i used https://mydomainname.com:5280/http-bind so how to protect this to access only by my client application not others.
Now my server is accessible by any client like pidgin, adium etc How to block this.
You can modify ejabberd to have a custom authentication that integrate a variation from the specification and implement that in your client. That way, unmodified standard client will not be able to read it.
However, as your client is Javascript and code is visible, it will still be possible to patch existing client to implement your variation, but there is not way around this. The approach of "shared secret" means that if the secret is found, other clients could find a way to connect. The secret is even less difficult to find when your code is public (even if obfuscated).
