[jdev] sasl plain again
flashbk2003 at yahoo.com
Mon Apr 17 05:45:42 CDT 2006
I finally managed to authenticate to Wildfire using TSL on port 5222 and plain SASL.
My question is : how secure is this connection ?
Will the data that travels back and forth the client and server be exposed ?
If so, what options do I have to ensure the packets won't be decoded by a third party ?
Adrian Adrian <flashbk2003 at yahoo.com> wrote: Hi Norman,
I will try your suggestions . Thanks !
Norman Rasmussen <norman at rasmussen.co.za> wrote: On 4/13/06, Adrian Adrian wrote:
> Hello list,
> Sorry to bring an old issue again but I'm still not clear with SASL PLAIN
> authentication mechanism.
> My XMPP server is the brand new Wildfire 1.6. The new server update takes
> care of that bug that didn't allow empty auth packet.
> My communication is this :
> C [start stream]
> S [advertises auth mechanism]
> C [select mechanism]
> S [blank challenge]
> C "initial response"
> This "initial response" is giving me a hard time.
> This is the place where I'm supposed to send user name and password base64
> encoded to the server ?
either as part of the auth:
or later as the reponse:
> And another stupid question :
> Is there a way to send credentials in an other form than null character
> delimited ?
No, unfortunatly not.
> The language I write the code with (flash actionscript 2.0) is
> truncating strings at the first '\0' encountered. And as I figure
> base64(str1+"\0"+str2) isn't the same with base64(str1)+'='+base64(str2)
Correct, they're different.
I assume you're using the meychi encoder (I found your comments on
their blog)? Maybe try and post a comment on their forums about
trying to encode nulls.
- Norman Rasmussen
- Email: norman at rasmussen.co.za
- Home page: http://norman.rasmussen.co.za/
Blab-away for as little as 1¢/min. Make PC-to-Phone Calls using Yahoo! Messenger with Voice.
Talk is cheap. Use Yahoo! Messenger to make PC-to-Phone calls. Great rates starting at 1¢/min.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the JDev