[jdev] sasl plain again

Adrian Adrian flashbk2003 at yahoo.com
Mon Apr 17 05:45:42 CDT 2006

  I finally managed to authenticate to Wildfire using TLS on port 5222 and plain SASL.
  My question is: how secure is this connection?
  Will the data that travels back and forth between the client and server be exposed?
  If so, what options do I have to ensure the packets won't be decoded by a third party?

Adrian Adrian <flashbk2003 at yahoo.com> wrote:
  Hi Norman,
  I will try your suggestions. Thanks!

Norman Rasmussen <norman at rasmussen.co.za> wrote:
On 4/13/06, Adrian Adrian wrote:
> Hello list,
>  Sorry to bring an old issue again but I'm still not clear with SASL PLAIN
> authentication mechanism.
>  My XMPP server is the brand new Wildfire 1.6. The new server update takes
> care of that bug that didn't allow empty auth packet.
>  My communication is this:
>  C [start stream]
>  S [advertises auth mechanism]
>  C [select mechanism]
> xmlns='urn:ietf:params:xml:ns:xmpp-sasl'mechanism='PLAIN'/>
>  S [blank challenge]
> xmlns="urn:ietf:params:xml:ns:xmpp-sasl">=
>  C    "initial response"
>  This "initial response" is giving me a hard time.
>  This is the place where I'm supposed to send user name and password base64
> encoded to the server?

either as part of the auth:

or later as the response:

>  And another stupid question:
>  Is there a way to send credentials in another form than null character
> delimited?
No, unfortunately not.

> The language I write the code with (flash actionscript 2.0) is
> truncating strings at the first '\0' encountered. And as I figure
> base64(str1+"\0"+str2) isn't the same as base64(str1)+'='+base64(str2)
Correct, they're different.

I assume you're using the meychi encoder (I found your comments on
their blog)? Maybe try and post a comment on their forums about
trying to encode nulls.

- Norman Rasmussen
 - Email: norman at rasmussen.co.za
 - Home page: http://norman.rasmussen.co.za/
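
Added example, not part of the original thread and not code from Wildfire or the encoder mentioned above: one way to build the SASL PLAIN initial response when the language truncates strings at '\0' is to assemble the message as a byte array and base64-encode the bytes. It is written in JavaScript as a close relative of ActionScript; the function names and the sample credentials are assumptions, and the message layout ([authzid] NUL authcid NUL passwd) is the one defined in RFC 4616. The decoder at the end shows that the base64 step is reversible by anyone who can read the stream, so the credentials are only as private as the TLS layer underneath.

```javascript
// Added example: SASL PLAIN initial response built from bytes, never from a
// NUL-containing string. Sample credentials are constructed values.
const B64 = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';

// UTF-8 encode a string into a plain array of byte values.
function utf8Bytes(str) {
  return Array.from(new TextEncoder().encode(str));
}

// RFC 4616 message as bytes: [authzid] NUL authcid NUL passwd.
function plainMessage(authzid, authcid, passwd) {
  for (const field of [authzid, authcid, passwd]) {
    if (field.includes('\0')) throw new Error('NUL not allowed inside a field');
  }
  if (!authcid || !passwd) throw new Error('authcid and passwd are required');
  return [...utf8Bytes(authzid), 0, ...utf8Bytes(authcid), 0, ...utf8Bytes(passwd)];
}

// Base64 over raw bytes: 3 bytes -> 4 characters, '=' padding on the last group.
function base64FromBytes(bytes) {
  let out = '';
  for (let i = 0; i < bytes.length; i += 3) {
    const b0 = bytes[i], b1 = bytes[i + 1], b2 = bytes[i + 2];
    const n = (b0 << 16) | ((b1 || 0) << 8) | (b2 || 0);
    out += B64[(n >> 18) & 63] + B64[(n >> 12) & 63];
    out += b1 === undefined ? '=' : B64[(n >> 6) & 63]; // a 0 byte is data, not padding
    out += b2 === undefined ? '=' : B64[n & 63];
  }
  return out;
}

// Text content of the <auth/> element (or of the later <response/>).
function initialResponse(authcid, passwd, authzid = '') {
  return base64FromBytes(plainMessage(authzid, authcid, passwd));
}

// What an observer of an unencrypted stream recovers from that text.
function decodeInitialResponse(b64) {
  const [authzid, authcid, passwd] = Buffer.from(b64, 'base64').toString('utf8').split('\0');
  return { authzid, authcid, passwd };
}

console.log(initialResponse('juliet', 'pencil'));
```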

