[
https://issues.apache.org/jira/browse/DRILL-5943?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16246910#comment-16246910
]
ASF GitHub Bot commented on DRILL-5943:
---------------------------------------
Github user sohami commented on the issue:
https://github.com/apache/drill/pull/1028
@laurentgo - Thanks for the review. Updated PR based on comment.
> Avoid the strong check introduced by DRILL-5582 for PLAIN mechanism
> -------------------------------------------------------------------
>
> Key: DRILL-5943
> URL: https://issues.apache.org/jira/browse/DRILL-5943
> Project: Apache Drill
> Issue Type: Improvement
> Affects Versions: 1.12.0
> Reporter: Sorabh Hamirwasia
> Assignee: Sorabh Hamirwasia
> Fix For: 1.12.0
>
>
> For PLAIN mechanism we will weaken the strong check introduced with
> DRILL-5582 to keep the forward compatibility between Drill 1.12 client and
> Drill 1.9 server. This is fine since with and without this strong check PLAIN
> mechanism is still vulnerable to MITM during handshake itself unlike mutual
> authentication protocols like Kerberos.
> Also for keeping forward compatibility with respect to SASL we will treat
> UNKNOWN_SASL_SUPPORT as valid value. For handshake message received from a
> client which is running on later version (let say 1.13) then Drillbit (1.12)
> and having a new value for SaslSupport field which is unknown to server, this
> field will be decoded as UNKNOWN_SASL_SUPPORT. In this scenario client will
> be treated as one aware about SASL protocol but server doesn't know exact
> capabilities of client. Hence the SASL handshake will still be required from
> server side.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
