[
https://issues.apache.org/jira/browse/QPID-5922?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14073108#comment-14073108
]
Rob Godfrey commented on QPID-5922:
-----------------------------------
Note that the JMX Management port may still use what is essentially PLAIN
authentication on a non secure connection since it does not use Sasl -
consideration should be given to change the default for the JMX plugin to
disallow the communication of passwords of an insecure channel.
> [Java Broker] By default restrict the use of PLAIN authentication to secure
> channels
> ------------------------------------------------------------------------------------
>
> Key: QPID-5922
> URL: https://issues.apache.org/jira/browse/QPID-5922
> Project: Qpid
> Issue Type: Improvement
> Components: Java Broker
> Reporter: Rob Godfrey
> Assignee: Rob Godfrey
> Fix For: 0.29
>
>
> PLAIN authentication sends passwords in the clear - in general this should
> not be used over communication channels which are not themselves encrypted.
> For any given authentication provider we should allow the user to set the
> subset of SASL mechanisms which should not be offered if the attempt to
> authenticate is not occurring on a secure channel.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
