You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@qpid.apache.org by "Robbie Gemmell (JIRA)" <ji...@apache.org> on 2017/08/02 14:29:02 UTC
[jira] [Updated] (PROTON-1486) no mechanism to get or set the
additional-data field on sasl-outcome
[ https://issues.apache.org/jira/browse/PROTON-1486?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Robbie Gemmell updated PROTON-1486:
-----------------------------------
Summary: no mechanism to get or set the additional-data field on sasl-outcome (was: Proton(-J) provides no mechanism to get or set the additional-data field on sasl-outcome)
> no mechanism to get or set the additional-data field on sasl-outcome
> --------------------------------------------------------------------
>
> Key: PROTON-1486
> URL: https://issues.apache.org/jira/browse/PROTON-1486
> Project: Qpid Proton
> Issue Type: Bug
> Components: proton-j
> Affects Versions: proton-j-0.19.0
> Reporter: Rob Godfrey
> Assignee: Keith Wall
> Fix For: proton-j-0.20.0
>
> Attachments: PROTON_1486.patch
>
>
> The Proton Engine API provides no mechanism for getting or setting the additional-data field on sasl-outcome.
> Some SASL mechanisms (e.g. SCRAM-SHA-\*) send additional data along with the outcome (in the case of SCRAM-SHA-\* the additional data is a proof that the server is also aware of the credentials and is not simply just accepting any credential data as part of some sort of attack).
> One approach for the API would be to expose the additional-data field using the send/recv/pending methods used for exchanging the challenge/response in the earlier phases of the sasl exchange.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org