Rob Godfrey created QPID-5922:
---------------------------------
Summary: [Java Broker] By default restrict the use of PLAIN
authentication to secure channels
Key: QPID-5922
URL: https://issues.apache.org/jira/browse/QPID-5922
Project: Qpid
Issue Type: Improvement
Components: Java Broker
Reporter: Rob Godfrey
Assignee: Rob Godfrey
Fix For: 0.29
PLAIN authentication sends passwords in the clear - in general this should not
be used over communication channels which are not themselves encrypted.
For any given authentication provider we should allow the user to set the
subset of SASL mechanisms which should not be offered if the attempt to
authenticate is not occurring on a secure channel.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
