Comment 5 for bug 197323

Mats (matsben) wrote : Re: [Bug 197323] Re: New default: disable scramble password option

On Sun, Jun 22, 2008 at 9:38 AM, sander <email address hidden> wrote:
> Did you still think about this? What about changing this option so
> that it only tries with a plaintext password when the connection is
> secured? If the connection is not secure it should use the scrambled
> password. If this fails it should ask the user with a warning dialog if
> it should try again with a plaintext password.
>
> So, it should work like this:
> if connection is encrypted; use plaintext password
> else; use scrambled password
> if connection fails; show warning dialog and ask user to connect in an unsafe way

SASL has its own way of sending the password that has nothing to do
with the "plain text password" option. That option only applies to the old
jabber way of connecting to servers. Perhaps I shall put the SASL/TLS
tab first in order. Then the question of fallbacks:
If TLS fails I think the whole connection process fails, but I can't
find a server without TLS right now. Ahh, my own, of course. So if
SASL/TLS fails, fall back to SASL. And if that fails, fall back to the
old jabber way with a message as indicated.
In the old jabber world "scramble password" always worked. There is no
need to have a fallback from this.

>
> PS: the text in the warning dialog should suggest that the user contact
> their server admin regarding the security leak in the server.

In that case I don't want to be a server admin :-)

>
>
> Related: "Note! You have to enable plain password authentication in your Jabber client to connect to the Tigase server with Drupal database" (from: http://www.tigase.org/tigase-for-drupal-setup )
>
> --
> New default: disable scramble password option
> https://bugs.launchpad.net/bugs/197323
> You received this bug notification because you are a bug assignee.
>
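
The fallback order discussed in this message, as an added example that is not part of the original e-mail or of the client's code. All names are hypothetical, `try_auth` stands in for a real login attempt, and the user-confirmation step before a plaintext password goes over an unencrypted connection follows the warning dialog proposed in the quoted text.

```python
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class Attempt:
    method: str    # "sasl" or "legacy" (the old jabber way of logging in)
    tls: bool      # True when the channel is encrypted
    password: str  # "sasl-defined", "scrambled" or "plaintext"

    @property
    def exposes_password(self) -> bool:
        # Only a plaintext password on an unencrypted channel is readable on the wire.
        return self.password == "plaintext" and not self.tls


def plan(tls_available: bool = True) -> List[Attempt]:
    """Ordered attempts: SASL/TLS, SASL, legacy scrambled, legacy plaintext."""
    attempts = [Attempt("sasl", True, "sasl-defined")] if tls_available else []
    attempts += [
        Attempt("sasl", False, "sasl-defined"),
        Attempt("legacy", False, "scrambled"),
        Attempt("legacy", False, "plaintext"),  # last resort, needs user consent
    ]
    return attempts


def connect(try_auth, confirm_unsafe, tls_available=True):
    """Return (successful Attempt or None, log of (Attempt, outcome) pairs)."""
    log = []
    for attempt in plan(tls_available):
        # Never send a readable password unless the user explicitly agrees.
        if attempt.exposes_password and not confirm_unsafe(attempt):
            log.append((attempt, "refused by user"))
            continue
        ok = try_auth(attempt)
        log.append((attempt, "ok" if ok else "failed"))
        if ok:
            return attempt, log
    return None, log


# Constructed stand-in for a server that accepts only legacy plaintext logins.
def plaintext_only_server(attempt: Attempt) -> bool:
    return attempt.method == "legacy" and attempt.password == "plaintext"
```

The returned log records every downgrade step, so a client can show the user exactly which weaker method was tried before asking for consent.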