qpid-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF subversion and git services (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (QPID-5922) [Java Broker] By default restrict the use of PLAIN authentication to secure channels
Date Thu, 24 Jul 2014 11:28:38 GMT

    [ https://issues.apache.org/jira/browse/QPID-5922?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14073106#comment-14073106
] 

ASF subversion and git services commented on QPID-5922:
-------------------------------------------------------

Commit 1613068 from [~godfrer] in branch 'qpid/trunk'
[ https://svn.apache.org/r1613068 ]

QPID-5922 : [Java Broker] restrict the use of PLAIN authentication to secure channels

> [Java Broker] By default restrict the use of PLAIN authentication to secure channels
> ------------------------------------------------------------------------------------
>
>                 Key: QPID-5922
>                 URL: https://issues.apache.org/jira/browse/QPID-5922
>             Project: Qpid
>          Issue Type: Improvement
>          Components: Java Broker
>            Reporter: Rob Godfrey
>            Assignee: Rob Godfrey
>             Fix For: 0.29
>
>
> PLAIN authentication sends passwords in the clear - in general this should not be used
over communication channels which are not themselves encrypted.
> For any given authentication provider we should allow the user to set the subset of SASL
mechanisms which should not be offered if the attempt to authenticate is not occurring on
a secure channel.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org


Mime
View raw message