Hi.
I've been running some tests on my local ejabberd server with and without SSL/TLS.
I tried once with no encryption at all, using this line only:
{5222, ejabberd_c2s, [{access, c2s}, {max_stanza_size, 65536}, {shaper, c2s_shaper}]}
I started the server, launched a packet capture on lo (everything is local), and launched Psi.
Psi warned me because auth info was about to be sent in plain text. I agreed and successfully authenticated on the server.
Then, I looked at the packet capture, but I was unable to see the auth info in plain text. The interesting line I saw about auth is:
<auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl' mechanism='PLAIN'>AGphYmJlcgBkNDNsZzhkQ3FBcGs=
What does this string mean? Is it a mix of the username + password...?
Thank you !
RE: Plain text authentication
"AGphYmJlcgBkNDNsZzhkQ3FBcGs=" is your login and password, encoded with the Base64 method
http://en.wikipedia.org/wiki/Base64
It can be decoded as "jabber d43lg8dCqApk".
This method is not secure.
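
An added example, not part of either post: a small parser for the Base64 body of a SASL PLAIN <auth/> element, following the RFC 4616 layout ([authzid] NUL authcid NUL passwd). The function and class names are hypothetical; the sample payload is the one quoted in the question.

```python
import base64
import binascii
from typing import NamedTuple


class PlainCredentials(NamedTuple):
    authzid: str   # identity to act as (often empty)
    authcid: str   # identity whose password is checked
    password: str


def decode_sasl_plain(payload: str) -> PlainCredentials:
    """Decode the Base64 body of <auth mechanism='PLAIN'> (RFC 4616)."""
    try:
        raw = base64.b64decode(payload, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"not valid Base64: {exc}") from None
    # RFC 4616: message = [authzid] NUL authcid NUL passwd
    parts = raw.split(b"\x00")
    if len(parts) != 3:
        raise ValueError(f"expected 2 NUL separators, found {len(parts) - 1}")
    try:
        authzid, authcid, password = (p.decode("utf-8") for p in parts)
    except UnicodeDecodeError:
        raise ValueError("fields are not valid UTF-8") from None
    if not authcid or not password:
        raise ValueError("authcid and passwd must be non-empty")
    return PlainCredentials(authzid, authcid, password)


if __name__ == "__main__":
    # Payload quoted in the question above.
    creds = decode_sasl_plain("AGphYmJlcgBkNDNsZzhkQ3FBcGs=")
    print(repr(creds.authzid), creds.authcid, creds.password)
```

The two NUL bytes are the field separators, and the empty first field is the authorization identity. Base64 is only an encoding, so without TLS the password is readable by anyone who can capture the stream.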