On Mon, Apr 28, 2008 at 12:08 AM, Robert Greig <[EMAIL PROTECTED]> wrote:
> On 27/04/2008, Senaka Fernando <[EMAIL PROTECTED]> wrote: > > > OK. I thought that would be better too. But, what made me think twice is > > that > > if the mechanism was PLAIN the password is sent in clear text. > Well what I meant was, if the password is sent in clear text, logging it wouldn't be of much harm. Implementing CRAM-MD5 is something that can be thought about. Regards, Senaka > > > If you mean that people should not use PLAIN, then yes I agree. The > Java broker supports CRAM-MD5 out of the box and I am sure the C++ > guys would be very pleased if you were to implement CRAM-MD5 on the > C++ side (assuming it does not already support it?). > > RG >
