Loading...

XML

Word

Printable

JSON

Type: Improvement
Resolution: Fixed
Priority: Minor - P4
Fix Version/s: 4.2.0-rc4, 4.0.12, 4.3.1
Affects Version/s: None
Component/s: Logging, Security
Labels:
- neweng

Backwards Compatibility:
Fully Compatible
Backport Requested:

v4.2, v4.0
Sprint:
Security 2019-06-03, Security 2019-06-17, Security 2019-07-01
Case:
Confidence Status:
None
Work Order:
3
CAR Domain/s:
None

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Name(s):
None
Goal Link:
None

The security.authenticationMechanisms parameter (as documented here) requires that "If you specify multiple values, use a comma-separated list and no spaces."

If you put a space like for example:

authenticationMechanisms: "SCRAM-SHA-256, GSSAPI"

SCRAM-SHA-256 will be enabled and GSSAPI not in a silent way. This can trick users and who needs to troubleshoot this.

It would be nice to have a warning message that warns you that you have a space in the authenticationMechanisms parameter string and all the auth mechanisms specified may have not been enabled because of that.

Assignee:: Jason Piao (Inactive)
Reporter:: Emilio Scalise
Participants:: Emilio Scalise, Githook User, Jason Piao
Votes:: 1 Vote for this issue
Watchers:: 5 Start watching this issue

Created:: May 15 2019 08:52:46 AM UTC
Updated:: Oct 29 2023 10:21:01 PM UTC
Resolved:: Jun 20 2019 02:27:40 PM UTC
Confidence Status Last Update:: 07/Jun/19 3:48 PM

Details

Description

Attachments

Forms

Activity

People

Dates