Andrew Stitcher commented on PROTON-950:

Given that the 0.10 version of the Python reactive API should work correctly 
with any other SASL mech just by setting the user and password to the API I'm 
not sure that the potential accidental security loss is worth it for an such a 
new API. 

You can still use the allow_insecure_mechs SASL property to allow PLAIN in this 

However if you feel this is widely used I can change it in the same way as I'm 
proposing for the messenger API.

> SASL PLAIN over cleartext should be supported
> ---------------------------------------------
>                 Key: PROTON-950
>                 URL: https://issues.apache.org/jira/browse/PROTON-950
>             Project: Qpid Proton
>          Issue Type: Bug
>          Components: proton-c
>    Affects Versions: 0.10
>            Reporter: Ted Ross
>            Assignee: Andrew Stitcher
>            Priority: Blocker
>             Fix For: 0.10
> In the current 0.10 alpha, if SASL PLAIN is selected, it will only work if 
> the connection is encrypted (using SSL).  This is a surprising change of 
> behavior from earlier versions of Proton and it's arguable that a security 
> policy like that should be left to the application using the Proton library.

This message was sent by Atlassian JIRA

Reply via email to