[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: [OASIS Issue Tracker] (MQTT-241) Possible to send password without user name ?(review comment from Nicholas Humfrey)
Richard Coppen created MQTT-241: ----------------------------------- Summary: Possible to send password without user name ?(review comment from Nicholas Humfrey) Key: MQTT-241 URL: https://issues.oasis-open.org/browse/MQTT-241 Project: OASIS Message Queuing Telemetry Transport (MQTT) TC Issue Type: Improvement Components: core Affects Versions: 3.1.1 Reporter: Richard Coppen Public review comment received from Nicholas Humfrey (point 4) 4) While comparing the differenced between the previous version of the specification, I noticed that it is no longer possible to send a password without a username. I thought that this was quite a useful (albeit unintentional?) feature of the protocol, which could be used to send API keys, OAuth tokens, or other secrets, without requiring a (fake/unused) username. It could also be used to provide a password for a client id, without an additional username. -- This message was sent by Atlassian JIRA (v6.2.2#6258)
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]