[jboss-jira] [JBoss JIRA] (SASL-29) Increase limit for the number of characters in PLAIN SASL mechanism

David Lloyd (JIRA) jira-events at lists.jboss.org
Wed Mar 21 13:54:47 EDT 2012


    [ https://issues.jboss.org/browse/SASL-29?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12678417#comment-12678417 ] 

David Lloyd commented on SASL-29:
---------------------------------

I went back and re-read the RFC and I see I interpreted it incorrectly: the spec says that the server must accept *at* *least* 255 octets, but does not seem to place an upper limit.  Therefore I think this request should be accepted and implemented.  We should have a limit to avoid DoS, but something on the order of magnitude of 65536 or greater is probably appropriate.
                
> Increase limit for the number of characters in PLAIN SASL mechanism
> -------------------------------------------------------------------
>
>                 Key: SASL-29
>                 URL: https://issues.jboss.org/browse/SASL-29
>             Project: JBoss SASL Provider
>          Issue Type: Enhancement
>      Security Level: Public(Everyone can see) 
>         Environment: OS: Ubuntu 10.0.4 
> AS: Jboss 7.1.0
> JDK: 1.6.22
>            Reporter: Daniel Jipa
>            Assignee: Darran Lofthouse
>
> My custom login module uses private/public key mechanism for passing password strings through TCP.
> The PLAIN SASL password string limit is exceeded giving me this error:
> TRACE [org.jboss.remoting.remote.server] (Remoting "danieljipa" task-3) Server sending authentication rejected (javax.security.sasl.SaslException: Password string is too long)

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
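
An added example, not code from the JBoss SASL Provider or from anyone in this thread: a bounded parser for the RFC 4616 PLAIN message (`[authzid] NUL authcid NUL passwd`) that accepts fields well past 255 octets while still capping them to limit resource use. The class name `BoundedPlainParser`, the per-field cap of 65536 octets and every error message other than the "too long" wording seen in the trace above are assumptions.

```java
import java.nio.charset.Charset;
import java.util.Arrays;
import javax.security.sasl.SaslException;

public class BoundedPlainParser {
    // Assumed per-field cap, using the order of magnitude suggested in the comment.
    static final int MAX_FIELD_OCTETS = 65536;
    private static final Charset UTF8 = Charset.forName("UTF-8");

    /** Parses [authzid] NUL authcid NUL passwd; returns {authzid, authcid, passwd}. */
    static String[] parse(byte[] msg) throws SaslException {
        // Bound the whole message first so oversized input is rejected before scanning.
        if (msg.length > 3L * MAX_FIELD_OCTETS + 2) {
            throw new SaslException("PLAIN message is too long");
        }
        int first = indexOfNul(msg, 0);
        int second = first < 0 ? -1 : indexOfNul(msg, first + 1);
        if (second < 0 || indexOfNul(msg, second + 1) >= 0) {
            throw new SaslException("Expected exactly two NUL separators");
        }
        return new String[] {
            field(msg, 0, first, "Authorization ID", true),
            field(msg, first + 1, second, "Login name", false),
            field(msg, second + 1, msg.length, "Password", false) };
    }

    private static int indexOfNul(byte[] b, int from) {
        for (int i = from; i < b.length; i++) {
            if (b[i] == 0) return i;
        }
        return -1;
    }

    private static String field(byte[] b, int start, int end, String name, boolean optional)
            throws SaslException {
        int len = end - start;
        if (len > MAX_FIELD_OCTETS) throw new SaslException(name + " string is too long");
        if (len == 0 && !optional) throw new SaslException(name + " string is empty");
        return new String(b, start, len, UTF8);
    }

    public static void main(String[] args) throws SaslException {
        // Constructed input: empty authzid, login "daniel", 300-octet password (over 255).
        byte[] msg = new byte[2 + 6 + 300];          // NUL separators stay zero-filled
        Arrays.fill(msg, 8, msg.length, (byte) 'x');
        System.arraycopy("daniel".getBytes(UTF8), 0, msg, 1, 6);
        System.out.println(parse(msg)[2].length());
    }
}
```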