[QPID-5922] [Java Broker] By default restrict the use of PLAIN authentication to secure channels - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 0.29
Component/s: Broker-J
Labels:
None

Description

PLAIN authentication sends passwords in the clear - in general this should not be used over communication channels which are not themselves encrypted.

For any given authentication provider we should allow the user to set the subset of SASL mechanisms which should not be offered if the attempt to authenticate is not occurring on a secure channel.

Attachments

Activity

People

Assignee:: Robert Godfrey

Reporter:: Robert Godfrey

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 24/Jul/14 11:20

Updated:: 14/Mar/17 20:13

Resolved:: 24/Feb/15 21:37