[jboss-dev-forums] [Design of Security on JBoss] - Re: SRP and SASL
scott.stark@jboss.org
do-not-reply at jboss.com
Fri Oct 19 10:16:25 EDT 2007
Ok, I'll take a look at it when I get a chance. Another workaround is to just fix the parameters for a user via lookup outside of the sasl exchange, or fix them period. This is discussed some in this paper:
http://srp.stanford.edu/srp6.ps
Encoding the information in the 'password' would also not be that bad. Just make it the base64 representation of the byte[] from an ObjectOutputStream containing the serialized parameters.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4096995#4096995
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4096995
More information about the jboss-dev-forums
mailing list