Hi Robert, Hi Senaka, > > I think the best thing to do is simply ensure that the response field > of start-ok is never logged irrespective of the SASL mechanism being > used. That is safer and probably simpler (since ideally we will want > people to be able to plug in arbitrary SASL implementations at some > point in the future so you can't necessarily make a decision whether > to log or not).
OK. I thought that would be better too. But, what made me think twice is that if the mechanism was PLAIN the password is sent in clear text. Regards, Senaka > > > The Java broker does support CRAM-MD5 but I think the C++ broker only > does PLAIN at the moment. > > RG >
