On 3/6/19 6:18 PM, Paul Reeves wrote:
On Wed, 6 Mar 2019 14:33:49 +0100
Mark Rotteveel <m...@lawinegevaar.nl> wrote:
Srp is not a legacy authentication, it is just slightly less secure
than Srp256
I'm wondering then if I understand the difference between AuthServer and
AuthClient. My understanding is that AuthServer specifies the plugins
the server will use to authorize client attachments. AuthClient
specifies the plugins the client will use to make the initial connect
to the server. So if we have the current default of
AuthServer = Srp256
then surely an FB3 client that uses Srp will be rejected?
To be precise - fbclient < 3.0.4 will be rejected. Since 3.0.4 Srp256
plugin is present in client.
If my understanding is correct srp is a form of legacy authorization,
even if it does not use the legacy_auth plugin.
Yes.
May be 3 check-boxes in installer - Srp256, Srp & Legacy (DES)? When
only one remains checked it becomes grayed (i.e. can't be unchecked).
Default is Srp256.
Firebird-Devel mailing list, web interface at
https://lists.sourceforge.net/lists/listinfo/firebird-devel