[MQTT-241] Possible to send password without user name ?(review comment from Nicholas Humfrey) - OASIS Technical Committees Issue Tracker

Details

Type: Improvement
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 3.1.1
Fix Version/s: None
Component/s: core
Labels:
None

Description

Public review comment received from Nicholas Humfrey (point 4)

4) While comparing the differenced between the previous version of the
specification, I noticed that it is no longer possible to send a
password without a username. I thought that this was quite a useful
(albeit unintentional?) feature of the protocol, which could be used to
send API keys, OAuth tokens, or other secrets, without requiring a
(fake/unused) username. It could also be used to provide a password for
a client id, without an additional username.

Attachments

Activity

Hide

Permalink

Richard Coppen (Inactive) added a comment - 12/Feb/15 2:45 PM

TC reviewed and decided to close as per minutes > https://www.oasis-open.org/apps/org/workgroup/mqtt/download.php/53997/OASIS_MQTT_TC_minutes_08212014.pdf >

Rahul Gupta requested a new JIRA be opened to consider other ways of authenticating. See ~~MQTT-255~~ (futures)

Show

Richard Coppen (Inactive) added a comment - 12/Feb/15 2:45 PM TC reviewed and decided to close as per minutes > https://www.oasis-open.org/apps/org/workgroup/mqtt/download.php/53997/OASIS_MQTT_TC_minutes_08212014.pdf > Rahul Gupta requested a new JIRA be opened to consider other ways of authenticating. See MQTT-255 (futures)

People

Assignee:

Unassigned

Reporter:

Richard Coppen (Inactive)

Watchers:

1 Start watching this issue

Dates

Created:

21/Aug/14 10:13 AM

Updated:

12/Feb/15 2:46 PM

Resolved:

12/Feb/15 2:45 PM