diff options
author | Tobias Markmann <tm@ayena.de> | 2008-11-15 19:12:05 +0100 |
---|---|---|
committer | Tobias Markmann <tm@ayena.de> | 2008-11-15 19:12:05 +0100 |
commit | 72e415f8233f2a67f2296b6061618ca5269df593 (patch) | |
tree | 9654df9a8d16c2c905e6c1c878b5b7d3f1b52b0b /plugins/mod_saslauth.lua | |
parent | efb34b5c4af68c37a568e61986a0b93535a50814 (diff) | |
download | prosody-72e415f8233f2a67f2296b6061618ca5269df593.tar.gz prosody-72e415f8233f2a67f2296b6061618ca5269df593.zip |
Adding some TODO for some security issue.
Diffstat (limited to 'plugins/mod_saslauth.lua')
-rw-r--r-- | plugins/mod_saslauth.lua | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/plugins/mod_saslauth.lua b/plugins/mod_saslauth.lua index dd268555..6b945bfc 100644 --- a/plugins/mod_saslauth.lua +++ b/plugins/mod_saslauth.lua @@ -115,6 +115,7 @@ add_event_hook("stream-features", function (session, features) if not session.username then t_insert(features, "<mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>"); + -- TODO: Provide PLAIN only if TLS is active, this is a SHOULD from the introduction of RFC 4616. This behavior could be overridden via configuration but will issuing a warning or so. t_insert(features, "<mechanism>PLAIN</mechanism>"); t_insert(features, "<mechanism>DIGEST-MD5</mechanism>"); t_insert(features, "</mechanisms>"); |