[
https://issues.apache.org/jira/browse/QPIDJMS-169?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15227915#comment-15227915
]
Keith Wall commented on QPIDJMS-169:
------------------------------------
Hi Tim,
I am not sure about this change. The old implementation was platform
dependent and certainly wrong, but SASL requires that usernames/passwords are
salsa-preped[1] which defines a character mapping. My reading of the RFCs is
that this applies to SASL PLAIN too.
org.apache.qpid.jms.sasl.AbstractScramSHAMechanism#saslPrep is a noddy
implementation which side steps most of the requirements by restricting the
usernames/passwords to ASCII. I think org.apache.qpid.jms.sasl.PlainMechanism
should at least do the same, or we should switch to a real saslprep algorithm,
but the latter should be coordinated across all the components.
[1] https://www.ietf.org/rfc/rfc4013.txt
> SASL Plain Mechanism should be enforcing UTF-8 encoding
> -------------------------------------------------------
>
> Key: QPIDJMS-169
> URL: https://issues.apache.org/jira/browse/QPIDJMS-169
> Project: Qpid JMS
> Issue Type: Bug
> Components: qpid-jms-client
> Affects Versions: 0.8.0
> Reporter: Timothy Bish
> Assignee: Timothy Bish
> Fix For: 0.9.0
>
>
> When encoding the user / pass in the SASL plain mechanism we aren't enforcing
> UTF-8 encoding which is the required encoding.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
