[Pidgin] #11320: Pidgin incorrectly requests plaintext auth over an unencrypted connection for XMPP if an unknown mechanism is seen by cyrus-sasl
Pidgin
trac at pidgin.im
Tue Feb 9 16:42:12 EST 2010
#11320: Pidgin incorrectly requests plaintext auth over an unencrypted connection
for XMPP if an unknown mechanism is seen by cyrus-sasl
-------------------------+--------------------------------------------------
  Reporter:  dreiss      |       Owner:  deryni
      Type:  enhancement |      Status:  new
 Milestone:              |   Component:  XMPP
   Version:  2.6.4       |  Resolution:
  Keywords:              |
-------------------------+--------------------------------------------------
Comment(by dreiss):
My coworker suggested a possible solution. Only pop this dialog if the
"PLAIN" mechanism is supported. This is the only plaintext authentication
mechanism in wide use by Jabber servers, so it should be an accurate test
in practice (right?). If a server supported another plaintext mechanism,
the effect of this change would *not* be exposing the user's password.
Instead, it would just say "authentication failed" and the user would have
to manually enable plaintext auth over unencrypted connections. I'm not
sure how this would interact with non-SASL authentication. If this
solution would be considered acceptable, I can develop, test, and submit a
patch.
--
Ticket URL: <http://developer.pidgin.im/ticket/11320#comment:2>
Pidgin <http://pidgin.im>
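The check proposed in the comment above, sketched as an added example; this is not Pidgin's code or a patch from the ticket. The names `decide_auth`, `mech_offered` and the `auth_decision` enum are hypothetical, and the server's mechanisms are assumed to arrive as one space-separated string.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical outcome of the pre-authentication check. */
typedef enum { AUTH_PROCEED, AUTH_PROMPT_PLAINTEXT, AUTH_FAIL } auth_decision;

/* True only if `name` is a whole token in the space-separated list.
 * A substring test would wrongly treat "X-PLAIN-TOKEN" as "PLAIN". */
static bool mech_offered(const char *mechlist, const char *name)
{
    size_t len = strlen(name);
    const char *p = mechlist;
    while (*p) {
        while (*p == ' ')
            p++;
        size_t tok = strcspn(p, " ");
        if (tok == len && strncmp(p, name, len) == 0)
            return true;
        p += tok;
    }
    return false;
}

/* mechlist: what the server advertised.
 * selected: mechanism the SASL library chose, or NULL if it could use none
 *           (for example because it only saw a mechanism it does not know). */
auth_decision decide_auth(const char *mechlist, const char *selected,
                          bool encrypted, bool allow_plaintext)
{
    if (selected && strcmp(selected, "PLAIN") != 0)
        return AUTH_PROCEED;            /* a non-plaintext mechanism was chosen */
    if (!mech_offered(mechlist, "PLAIN"))
        return AUTH_FAIL;               /* no PLAIN on offer: fail, no dialog */
    if (encrypted || allow_plaintext)
        return AUTH_PROCEED;            /* PLAIN is acceptable here */
    return AUTH_PROMPT_PLAINTEXT;       /* PLAIN over cleartext: ask the user */
}

int main(void)
{
    /* Constructed inputs: unknown mechanism only, then PLAIN on cleartext. */
    printf("%d\n", decide_auth("X-UNKNOWN-MECH", NULL, false, false));
    printf("%d\n", decide_auth("X-UNKNOWN-MECH PLAIN", "PLAIN", false, false));
    return 0;
}
```

With this ordering, a server that offers only a mechanism the SASL library does not recognise produces an authentication failure instead of the plaintext dialog.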