[
https://issues.apache.org/jira/browse/QPID-5922?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14073106#comment-14073106
]
ASF subversion and git services commented on QPID-5922:
-------------------------------------------------------
Commit 1613068 from [~godfrer] in branch 'qpid/trunk'
[ https://svn.apache.org/r1613068 ]
QPID-5922 : [Java Broker] restrict the use of PLAIN authentication to secure
channels
> [Java Broker] By default restrict the use of PLAIN authentication to secure
> channels
> ------------------------------------------------------------------------------------
>
> Key: QPID-5922
> URL: https://issues.apache.org/jira/browse/QPID-5922
> Project: Qpid
> Issue Type: Improvement
> Components: Java Broker
> Reporter: Rob Godfrey
> Assignee: Rob Godfrey
> Fix For: 0.29
>
>
> PLAIN authentication sends passwords in the clear - in general this should
> not be used over communication channels which are not themselves encrypted.
> For any given authentication provider we should allow the user to set the
> subset of SASL mechanisms which should not be offered if the attempt to
> authenticate is not occurring on a secure channel.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
