Sorabh Hamirwasia created DRILL-5943:
----------------------------------------

             Summary: Avoid the strong check introduced by DRILL-5582 for PLAIN 
mechanism
                 Key: DRILL-5943
                 URL: https://issues.apache.org/jira/browse/DRILL-5943
             Project: Apache Drill
          Issue Type: Improvement
            Reporter: Sorabh Hamirwasia
            Assignee: Sorabh Hamirwasia


For the PLAIN mechanism we will weaken the strong check introduced with DRILL-5582 
to keep forward compatibility between a Drill 1.12 client and a Drill 1.9 
server. This is fine since, with or without this strong check, the PLAIN mechanism 
is still vulnerable to MITM during the handshake itself, unlike mutual 
authentication protocols like Kerberos.

Also, to keep forward compatibility with respect to SASL, we will treat 
UNKNOWN_SASL_SUPPORT as a valid value. For a handshake message received from a 
client which is running on a later version (let's say 1.13) than the Drillbit (1.12) 
and having a new value for the SaslSupport field which is unknown to the server, this 
field will be decoded as UNKNOWN_SASL_SUPPORT. In this scenario the client will be 
treated as one aware of the SASL protocol, but the server doesn't know the exact 
capabilities of the client. Hence the SASL handshake will still be required from the 
server side.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
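
An added example (not Apache Drill's code, and not part of the issue above) of the decoding behaviour the description relies on: a handshake field is a varint enum on the wire, a value the receiving side was not compiled with falls back to the enum's zero value, and a server that sees that zero value still routes the client through the SASL path. The enum members, the field number SASL_SUPPORT_FIELD and the names of the helper functions are assumptions made for this illustration; the wire encoding is ordinary protobuf varint encoding.

```python
from enum import IntEnum


class SaslSupport(IntEnum):
    # Assumed values for illustration; the zero member is what an unknown
    # wire value decodes to in a proto2-style message.
    UNKNOWN_SASL_SUPPORT = 0
    SASL_AUTH = 1
    SASL_PRIVACY = 2


SASL_SUPPORT_FIELD = 7  # assumed field number of the handshake's sasl_support


def encode_varint(n: int) -> bytes:
    """Standard protobuf base-128 varint encoding of a non-negative integer."""
    out = bytearray()
    while True:
        b = n & 0x7F
        n >>= 7
        if n:
            out.append(b | 0x80)
        else:
            out.append(b)
            return bytes(out)


def decode_varint(buf: bytes, i: int):
    """Decode one varint starting at buf[i]; returns (value, next_index)."""
    shift, result = 0, 0
    while True:
        b = buf[i]
        i += 1
        result |= (b & 0x7F) << shift
        if not b & 0x80:
            return result, i
        shift += 7


def encode_handshake(fields: dict) -> bytes:
    """Serialise {field_number: int} as protobuf varint fields (wire type 0)."""
    out = bytearray()
    for field_no, value in fields.items():
        out += encode_varint((field_no << 3) | 0)
        out += encode_varint(value)
    return bytes(out)


def decode_fields(buf: bytes) -> dict:
    """Parse varint fields back into {field_number: int}."""
    i, fields = 0, {}
    while i < len(buf):
        tag, i = decode_varint(buf, i)
        field_no, wire_type = tag >> 3, tag & 7
        if wire_type != 0:
            raise ValueError("this example only handles varint fields")
        value, i = decode_varint(buf, i)
        fields[field_no] = value
    return fields


def decode_sasl_support(buf: bytes):
    """None if the field is absent (pre-SASL client); otherwise the enum,
    with any value this build does not know mapped to UNKNOWN_SASL_SUPPORT."""
    fields = decode_fields(buf)
    if SASL_SUPPORT_FIELD not in fields:
        return None
    try:
        return SaslSupport(fields[SASL_SUPPORT_FIELD])
    except ValueError:
        return SaslSupport.UNKNOWN_SASL_SUPPORT


def server_handshake_path(buf: bytes) -> str:
    """Server-side decision: a client that sent the field at all, even with a
    value decoded as UNKNOWN_SASL_SUPPORT, is SASL-aware and gets the SASL
    handshake; only a client that omitted the field takes the legacy path."""
    return "legacy" if decode_sasl_support(buf) is None else "sasl"


if __name__ == "__main__":
    # Constructed handshakes: a known value, a value from a hypothetical newer
    # client (300, unknown here), and a message without the field.
    for label, msg in [
        ("known", encode_handshake({SASL_SUPPORT_FIELD: SaslSupport.SASL_AUTH})),
        ("newer", encode_handshake({SASL_SUPPORT_FIELD: 300})),
        ("legacy", encode_handshake({1: 5})),
    ]:
        print(label, decode_sasl_support(msg), server_handshake_path(msg))
```

The point of the fallback is that the older server never has to reject a newer client outright: it loses only the knowledge of which extra capability the client advertised, not the knowledge that the client speaks SASL.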