Adding some TODO for some security issue.

author: Tobias Markmann <tm@ayena.de>
date: Sat, 15 Nov 2008 19:12:05 +0100
changeset 283: 8e1fd8ff66ee
parent 282: 80e7de32b618
child 285: 372d0891e8fd

plugins/mod_saslauth.lua
--- a/plugins/mod_saslauth.lua	Sat Nov 15 13:47:17 2008 +0100
+++ b/plugins/mod_saslauth.lua	Sat Nov 15 19:12:05 2008 +0100
@@ -115,6 +115,7 @@
 					function (session, features)												
 						if not session.username then
 							t_insert(features, "<mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>");
+							-- TODO: Provide PLAIN only if TLS is active, this is a SHOULD from the introduction of RFC 4616. This behavior could be overridden via configuration but will issuing a warning or so.
 								t_insert(features, "<mechanism>PLAIN</mechanism>");
 								t_insert(features, "<mechanism>DIGEST-MD5</mechanism>");
 							t_insert(features, "</mechanisms>");
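Review bot: The added TODO at line 118 documents that PLAIN should be offered only when TLS is active, but the `t_insert(features, "<mechanism>PLAIN</mechanism>");` line directly below it is still unconditional, so after this change the server keeps advertising PLAIN on unencrypted streams. If the fix cannot land in this changeset, consider at least guarding that one line with a check on whether the session's stream is already encrypted, and leaving DIGEST-MD5 as the only mechanism offered otherwise. The two mechanism lines are already indented one level deeper than the surrounding `t_insert` calls, which suggests a conditional block was intended there. The wording of the comment also needs a pass: "but will issuing a warning or so" does not say what is expected. Something like "may be overridden via configuration, in which case a warning is logged" would make the intended behaviour clear to whoever picks up the TODO. The commit message ("some security issue") would also be easier to find later if it named the problem, for example PLAIN being offered without TLS.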