[
https://issues.apache.org/jira/browse/PROTON-950?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14652190#comment-14652190
]
Robbie Gemmell commented on PROTON-950:
---------------------------------------
Can anyone clue me in on how you would enable the new transport flag
client-side with the python reactive bits, to allow connecting to a server
offering PLAIN without using SSL? I had a look but didn't see a way to do so.
My interest is for new or existing users connecting to servers that e.g only
support PLAIN (and possibly ANONYMOUS), such as ActiveMQ or some others, who
are doing so without SSL.
This all also makes me wonder if the default shouldn't be the other way round
(particularly if there is actually no easy way to use the new transport option
in some cases). I believe the engine allows ANONYMOUS and no-SASL-layer by
default currently, so it seems strange that we would deny use of PLAIN in the
same situtation. The argument for allowing ANONYMOUS was that it eased initial
pickup by new developers, and that people will secure their production setups;
it feels to me that essentially the same argument applies for PLAIN without SSL
and that treating them differently is perhaps a bit inconsistent.
> SASL PLAIN over cleartext should be supported
> ---------------------------------------------
>
> Key: PROTON-950
> URL: https://issues.apache.org/jira/browse/PROTON-950
> Project: Qpid Proton
> Issue Type: Bug
> Components: proton-c
> Affects Versions: 0.10
> Reporter: Ted Ross
> Assignee: Andrew Stitcher
> Priority: Blocker
> Fix For: 0.10
>
>
> In the current 0.10 alpha, if SASL PLAIN is selected, it will only work if
> the connection is encrypted (using SSL). This is a surprising change of
> behavior from earlier versions of Proton and it's arguable that a security
> policy like that should be left to the application using the Proton library.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
