[ https://issues.apache.org/jira/browse/TINKERPOP-1263?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15245746#comment-15245746 ]

ASF GitHub Bot commented on TINKERPOP-1263:
-------------------------------------------

Github user mike-tr-adamson commented on the pull request:

    https://github.com/apache/incubator-tinkerpop/pull/291#issuecomment-211403744

    @PommeVerte I'm not sure that prepending it or adding it makes any 
difference to the negotiation. I prepended it so it was (potentially) the first 
element in the payload that could be checked without having to read the whole 
payload. As you said, it was a choice. 
    
    I believe that the RFC says that a negotiation can happen after 
authentication but that doesn't provide any real protection against downgrade. 
I'd prefer that this sort of protection was left to 3rd party implementations 
in the form of additional authorization checks against mechanism usage.


> Pass SASL mechanism name through with initial SASL response
> -----------------------------------------------------------
>
>                 Key: TINKERPOP-1263
>                 URL: https://issues.apache.org/jira/browse/TINKERPOP-1263
>             Project: TinkerPop
>          Issue Type: Improvement
>          Components: driver
>    Affects Versions: 3.1.2-incubating
>            Reporter: Mike Adamson
>            Assignee: stephen mallette
>             Fix For: 3.1.3, 3.2.1
>
>
> Support was added to the client driver to allow either plain text or GSSAPI 
> SASL authentication. This improvement is for the client to pass the name of 
> the mechanism as part of the initial SASL response. This gives the server 
> side SASL handler the option to negotiate whether it will allow the specific 
> mechanism.
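The following is an added illustration, not code from TinkerPop or from pull request 291, of the two points discussed above: the comment's "mechanism name first in the payload, so the server can check it without reading the rest", and the issue's "server-side handler negotiates whether it allows the specific mechanism", plus the kind of authorization check against mechanism usage the comment suggests leaving to third-party code. The payload layout (`<mechanism> NUL <mechanism bytes>`), the `ServerPolicy` fields, and the user table with passwords are all assumptions constructed for the example; only PLAIN (RFC 4616) is modelled end to end.

```python
import hmac
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

NUL = b"\x00"

# --- client side ---------------------------------------------------------------

def build_initial_response(mechanism: str, initial_response: bytes) -> bytes:
    """Prepend the mechanism name (assumed layout, not TinkerPop's wire format)
    so it is the first element a server can inspect before reading the rest."""
    name = mechanism.encode("ascii")
    if not name or NUL in name:
        raise ValueError("mechanism name must be non-empty and NUL-free")
    return name + NUL + initial_response


def plain_initial_response(authzid: str, authcid: str, password: str) -> bytes:
    """RFC 4616 PLAIN message: [authzid] NUL authcid NUL passwd."""
    return NUL.join(s.encode("utf-8") for s in (authzid, authcid, password))


# --- server side ---------------------------------------------------------------

def peek_mechanism(payload: bytes) -> str:
    """Read only the leading element; the mechanism-specific bytes stay unread."""
    idx = payload.find(NUL)
    if idx <= 0:
        raise ValueError("initial SASL response does not start with a mechanism name")
    return payload[:idx].decode("ascii")


def mechanism_body(payload: bytes) -> bytes:
    """Everything after the mechanism name, handed to the mechanism itself."""
    return payload[payload.index(NUL) + 1:]


@dataclass(frozen=True)
class ServerPolicy:
    enabled: frozenset                      # mechanisms the server offers at all
    plaintext_needs_tls: bool = True        # refuse PLAIN unless the transport is encrypted
    # Constructed stand-in for a third-party authorization layer: users that are
    # only allowed to authenticate with one particular mechanism.
    required_mechanism: Dict[str, str] = field(default_factory=dict)


def negotiate(policy: ServerPolicy, mechanism: str, tls: bool) -> Optional[str]:
    """Step 1: decide from the name alone. Returns a rejection reason or None."""
    if mechanism not in policy.enabled:
        return f"mechanism {mechanism} not enabled"
    if mechanism == "PLAIN" and policy.plaintext_needs_tls and not tls:
        return "PLAIN refused on a non-TLS connection"
    return None


def authenticate_plain(body: bytes, users: Dict[str, str]) -> Optional[str]:
    """Toy PLAIN verifier against a constructed user table; returns the
    effective user on success, None on failure."""
    parts = body.split(NUL)
    if len(parts) != 3:
        return None
    authzid, authcid, password = (p.decode("utf-8") for p in parts)
    expected = users.get(authcid)
    if expected is None or not hmac.compare_digest(expected.encode(), password.encode()):
        return None
    return authzid or authcid


def authorize_mechanism(policy: ServerPolicy, user: str, mechanism: str) -> Optional[str]:
    """Step 2: after authentication, check the mechanism actually used against
    what this user is required to use (the per-user downgrade check)."""
    required = policy.required_mechanism.get(user)
    if required and required != mechanism:
        return f"{user} must authenticate with {required}, not {mechanism}"
    return None


def handle_initial_response(policy: ServerPolicy, users: Dict[str, str],
                            payload: bytes, tls: bool) -> Tuple[bool, str]:
    """Server handling of one initial SASL response: (accepted, reason)."""
    mechanism = peek_mechanism(payload)
    reason = negotiate(policy, mechanism, tls)
    if reason:
        return (False, reason)
    if mechanism != "PLAIN":
        return (False, f"{mechanism} handling not modelled in this example")
    user = authenticate_plain(mechanism_body(payload), users)
    if user is None:
        return (False, "authentication failed")
    reason = authorize_mechanism(policy, user, mechanism)
    if reason:
        return (False, reason)
    return (True, f"authenticated {user} via {mechanism}")


if __name__ == "__main__":
    # Constructed sample policy and users.
    policy = ServerPolicy(enabled=frozenset({"PLAIN", "GSSAPI"}),
                          required_mechanism={"svc-admin": "GSSAPI"})
    users = {"alice": "pw-alice", "svc-admin": "pw-svc"}
    payload = build_initial_response("PLAIN", plain_initial_response("", "alice", "pw-alice"))
    print(peek_mechanism(payload), handle_initial_response(policy, users, payload, tls=True))
```

Step 1 runs before any credential bytes are parsed, which is the benefit of having the name first in the payload; step 2 is a plain authorization decision on (authenticated user, mechanism used) and lives outside the SASL handler, which matches where the comment above proposes putting that kind of check.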



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
