Chapter 12. Connection Methods and Security

Most of the chapters in this book focus on describing the high-level XMPP protocols in terms of stanzas sent and received, without talking about the XML streaming layer that handles the sending and receiving of stanzas over the wire. To round out our coverage of XMPP, we focus on the lower layers of the XMPP protocol stack in this chapter.

XMPP provides a great deal of flexibility regarding connection methods, authentication, encryption, and other fundamentals. This chapter walks you through some of these fundamentals, showing how you can use them to build more powerful and secure applications. First, we describe standard client-to-server connections over TCP, including techniques for securing those connections. We then illustrate the power of the network by explaining how server-to-server connections work, and how servers can be extended using external components. We then look at an alternative binding that enables you to send XMPP traffic over HTTP for web applications and for mobile devices that have intermittent network connectivity. Going even farther afield, we explore how to set up serverless messaging between clients on ad-hoc local networks. Finally, we provide an overview of some of the key security issues to consider when deploying XMPP-based systems.