qpid-dev mailing list archives

From "Robbie Gemmell (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (QPIDJMS-150) Scram SHA SASL support for authentication
Date Sat, 20 Feb 2016 20:39:18 GMT

    [ https://issues.apache.org/jira/browse/QPIDJMS-150?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15155746#comment-15155746 ]

Robbie Gemmell commented on QPIDJMS-150:

I skimmed the patch *very* quickly (will take a closer look when I'm at less risk of sneezing
everywhere :(), the only things that stuck out doing that were: possibly use comment instead
of javadoc for the licence header, and it could do with some tests (I'm guessing maybe some
source material suffers a similar issue? ;) ), given they will be by far the most complicated
of the supported mechs but also among the highest priority. SaslIntegrationTest has some brokerless
SASL tests using the full client, but other than verifying when the mechs get selected, pure
unit tests of the mechs might be a lot easier in this case.

> Scram SHA SASL support for authentication
> -----------------------------------------
>                 Key: QPIDJMS-150
>                 URL: https://issues.apache.org/jira/browse/QPIDJMS-150
>             Project: Qpid JMS
>          Issue Type: Improvement
>          Components: qpid-jms-client
>            Reporter: Keith Wall
>         Attachments: 0001-QPIDJMS-150-Support-for-SASL-SCRAM-SHA1-256.patch
> The SCRAM SHA-1 and 256 SASL mechanisms https://tools.ietf.org/html/rfc5802 offer better
> security than older SASL implementations. In particular the authentication information stored
> in the authentication database is not sufficient to impersonate the client if the database
> were to be stolen.
> (The Java Broker already supports these mechanisms. The intention is to switch to recommend
> SCRAM instead of CRAM-MD5 shortly. One barrier to making this switch is the absence of support
> in the client).

This message was sent by Atlassian JIRA
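
Added illustration (not part of the original message or the attached patch): a mechanism-level check of SCRAM-SHA-1 against the example exchange in RFC 5802 section 5, the kind of pure unit test of a mech that the comment suggests. It also shows the property the issue describes: the server verifies a proof with only StoredKey, yet StoredKey alone does not yield an accepted proof. The function names are hypothetical, and the password is assumed to be already SASLprep-normalized.

```python
import base64, hashlib, hmac

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def derive_keys(password, salt, iterations, h="sha1"):
    # Hi() in RFC 5802 is PBKDF2 with HMAC as the PRF and dkLen = hash length.
    salted = hashlib.pbkdf2_hmac(h, password.encode(), salt, iterations)
    client_key = hmac.new(salted, b"Client Key", h).digest()
    stored_key = hashlib.new(h, client_key).digest()   # what the server stores
    server_key = hmac.new(salted, b"Server Key", h).digest()
    return client_key, stored_key, server_key

def client_proof(client_key, stored_key, auth_message, h="sha1"):
    sig = hmac.new(stored_key, auth_message, h).digest()
    return xor(client_key, sig)

def server_verify(stored_key, auth_message, proof, h="sha1"):
    # Recover the candidate ClientKey and check that it hashes to StoredKey.
    sig = hmac.new(stored_key, auth_message, h).digest()
    recovered = xor(proof, sig)
    return hmac.compare_digest(hashlib.new(h, recovered).digest(), stored_key)

def server_signature(server_key, auth_message, h="sha1"):
    return hmac.new(server_key, auth_message, h).digest()

# RFC 5802 section 5 example exchange (user "user", password "pencil").
CLIENT_FIRST_BARE = "n=user,r=fyko+d2lbbFgONRv9qkxdawL"
SERVER_FIRST = "r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,s=QSXCR+Q6sek8bf92,i=4096"
CLIENT_FINAL_NO_PROOF = "c=biws,r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j"
AUTH_MESSAGE = ",".join([CLIENT_FIRST_BARE, SERVER_FIRST, CLIENT_FINAL_NO_PROOF]).encode()

def rfc5802_vector():
    salt = base64.b64decode("QSXCR+Q6sek8bf92")
    ck, sk, svk = derive_keys("pencil", salt, 4096)
    proof = client_proof(ck, sk, AUTH_MESSAGE)
    # Someone holding only the stored record has StoredKey but not ClientKey.
    stored_only = client_proof(sk, sk, AUTH_MESSAGE)
    return {
        "proof": base64.b64encode(proof).decode(),
        "server_sig": base64.b64encode(server_signature(svk, AUTH_MESSAGE)).decode(),
        "genuine_ok": server_verify(sk, AUTH_MESSAGE, proof),
        "stored_only_ok": server_verify(sk, AUTH_MESSAGE, stored_only),
    }

if __name__ == "__main__":
    print(rfc5802_vector())
```

Passing `h="sha256"` with a SCRAM-SHA-256 exchange exercises the other mechanism named in the issue through the same functions.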
