Let me start off by stating that I know very little about the XMPP protocol or real-time communication in general. I did however manage to set up an ejabberd server with TLS encryption. I have written a PHP website with a custom user system saved to a MySQL database. The database for users looks like this:
- MyDatabase
- UsersTable
- uid
- username
- password (hashed)
- salt
- SessionsTable
- uid FOREIGN KEY
- sessionkey (hashed)
- UsersTable
The way I authenticate users on my website is by the usual combine password with salt and hash it method. For running sessions I put a session key in their browser session and retrieve it on page load to authenticate.
My problem: It seems the XMPP server has it's own user authentication system. I want it to use my existing one so that logged in users can initialize chat immediately without a separate register and login. That will also make it a whole lot easier to verify users.
I read somewhere that MySQL authentication is bad with XMPP: I heard it hogs resources because it, for some reason, has to authenticate the user every time he/she sends a message. If that is true, what is the best way of automating registration of new users? I'll figure out the validation of a user myself I guess, just know I can pass whatever information needed to a logged in user's xmpp client be it username/uid or whatever.
