[CONJ-872] Restrict authentication plugin list by option Created: 2021-04-08  Updated: 2021-05-11  Resolved: 2021-04-22

Status: Closed
Project: MariaDB Connector/J
Component/s: authentication
Affects Version/s: None
Fix Version/s: 3.0.0

Type: New Feature Priority: Major
Reporter: Diego Dupin Assignee: Diego Dupin
Resolution: Fixed Votes: 0
Labels: None

Issue Links:
Relates
relates to CONC-544 No downgrade protection for ed25519 c... Closed

 Description   

The goal is to disable the use of unsecured authentication plugins without an explicit option setting.
This is to prevent a man-in-the-middle fake server or a compromised server from retrieving the password in clear.



 Comments   
Comment by Diego Dupin [ 2021-04-22 ]

New option `restrictedAuth`:
if set, restricts the authentication plugins to a secure list (separated by commas).

Default provided plugins are mysql_native_password,client_ed25519,auth_gssapi_client,caching_sha2_password,dialog and mysql_clear_password.

Default value: null
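
The check this option implies, as an added sketch that is not code from Connector/J or from this ticket: a client parses the server's authentication switch request (0xFE, NUL-terminated plugin name, plugin data) and refuses any plugin outside the `restrictedAuth` list before a credential is sent. The class and method names are hypothetical, and the payload is constructed for the example.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Set;
import java.util.stream.Collectors;

public class RestrictedAuthDemo {
    // Parses a comma-separated restrictedAuth value; null (option not set) means no restriction.
    static Set<String> parseAllowList(String restrictedAuth) {
        if (restrictedAuth == null) return null;
        return Arrays.stream(restrictedAuth.split(","))
                .map(String::trim)
                .filter(s -> !s.isEmpty())
                .collect(Collectors.toSet());
    }

    // Extracts the plugin name from an auth switch request payload: 0xFE, name, 0x00, plugin data.
    static String requestedPlugin(byte[] payload) {
        if (payload.length < 2 || (payload[0] & 0xFF) != 0xFE) {
            throw new IllegalArgumentException("not an auth switch request");
        }
        int end = 1;
        while (end < payload.length && payload[end] != 0) end++;
        if (end == payload.length) throw new IllegalArgumentException("unterminated plugin name");
        return new String(payload, 1, end - 1, StandardCharsets.US_ASCII);
    }

    // Rejects the switch, before any credential is computed or sent, if the plugin is not allowed.
    static void checkSwitch(byte[] payload, Set<String> allowed) {
        String plugin = requestedPlugin(payload);
        if (allowed != null && !allowed.contains(plugin)) {
            throw new SecurityException("server requested plugin '" + plugin
                    + "', which is not in restrictedAuth");
        }
    }

    public static void main(String[] args) {
        // Constructed payload: a server asking the client to switch to mysql_clear_password.
        byte[] name = "mysql_clear_password".getBytes(StandardCharsets.US_ASCII);
        byte[] payload = new byte[name.length + 2]; // trailing byte stays 0x00 (name terminator)
        payload[0] = (byte) 0xFE;
        System.arraycopy(name, 0, payload, 1, name.length);

        checkSwitch(payload, parseAllowList(null)); // option unset: request is accepted
        try {
            checkSwitch(payload, parseAllowList("client_ed25519, mysql_native_password"));
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```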
