[ https://issues.apache.org/jira/browse/QPIDJMS-169?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15227915#comment-15227915 ]
Keith Wall commented on QPIDJMS-169: ------------------------------------ Hi Tim, I am not sure about this change. The old implementation was platform dependent and certainly wrong, but SASL requires that usernames/passwords are salsa-preped[1] which defines a character mapping. My reading of the RFCs is that this applies to SASL PLAIN too. org.apache.qpid.jms.sasl.AbstractScramSHAMechanism#saslPrep is a noddy implementation which side steps most of the requirements by restricting the usernames/passwords to ASCII. I think org.apache.qpid.jms.sasl.PlainMechanism should at least do the same, or we should switch to a real saslprep algorithm, but the latter should be coordinated across all the components. [1] https://www.ietf.org/rfc/rfc4013.txt > SASL Plain Mechanism should be enforcing UTF-8 encoding > ------------------------------------------------------- > > Key: QPIDJMS-169 > URL: https://issues.apache.org/jira/browse/QPIDJMS-169 > Project: Qpid JMS > Issue Type: Bug > Components: qpid-jms-client > Affects Versions: 0.8.0 > Reporter: Timothy Bish > Assignee: Timothy Bish > Fix For: 0.9.0 > > > When encoding the user / pass in the SASL plain mechanism we aren't enforcing > UTF-8 encoding which is the required encoding. -- This message was sent by Atlassian JIRA (v6.3.4#6332) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org For additional commands, e-mail: dev-h...@qpid.apache.org