drill-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sorabh Hamirwasia (JIRA)" <j...@apache.org>
Subject [jira] [Created] (DRILL-5943) Avoid the strong check introduced by DRILL-5582 for PLAIN mechanism
Date Tue, 07 Nov 2017 21:36:00 GMT
Sorabh Hamirwasia created DRILL-5943:

             Summary: Avoid the strong check introduced by DRILL-5582 for PLAIN mechanism
                 Key: DRILL-5943
                 URL: https://issues.apache.org/jira/browse/DRILL-5943
             Project: Apache Drill
          Issue Type: Improvement
            Reporter: Sorabh Hamirwasia
            Assignee: Sorabh Hamirwasia

For PLAIN mechanism we will weaken the strong check introduced with DRILL-5582 to keep the
forward compatibility between Drill 1.12 client and Drill 1.9 server. This is fine since with
and without this strong check PLAIN mechanism is still vulnerable to MITM during handshake
itself unlike mutual authentication protocols like Kerberos.

Also for keeping forward compatibility with respect to SASL we will treat UNKNOWN_SASL_SUPPORT
as valid value. For handshake message received from a client which is running on later version
(let say 1.13) then Drillbit (1.12) and having a new value for SaslSupport field which is
unknown to server, this field will be decoded as UNKNOWN_SASL_SUPPORT. In this scenario client
will be treated as one aware about SASL protocol but server doesn't know exact capabilities
of client. Hence the SASL handshake will still be required from server side.

This message was sent by Atlassian JIRA

View raw message