Commit
This disables the PLAIN mechanism for SASL authentication which would transmit a user's password as plain text during. Instead only the SCRAM-SHA-1 and SCRAM-SHA-1-PLUS mechanisms are supported now. As SCRAM-SHA-1 and SCRAM-SHA-1-PLUS are mandatory to be supported by XMPP clients and servers and were prioritised higher than the PLAIN mechanism in the preference order by ejabberd before, this doesn't change how XMPP clients connect, but avoids unintentional use of the PLAIN mechanism in rare circumstances. Please note that these changes only affect authentication of registered users. During in-band registration the password is still submitted in plain text.
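What the two mechanisms put on the wire, as an added example that is not part of this commit or of ejabberd: PLAIN sends the password itself in base64, while SCRAM-SHA-1 sends a proof derived from it, and a client-side allow-list refuses a server that offers only PLAIN. The function names are hypothetical, the sample values are the published ones from RFC 5802 section 5, and SASLprep is skipped on the assumption of ASCII passwords.

```python
import base64
import hashlib
import hmac

# Client-side allow-list in preference order; PLAIN is deliberately absent.
ALLOWED = ("SCRAM-SHA-1-PLUS", "SCRAM-SHA-1")


def choose_mechanism(offered):
    """Pick the first allowed mechanism the server offers, else refuse."""
    for mech in ALLOWED:
        if mech in offered:
            return mech
    raise ValueError("no acceptable SASL mechanism offered: %r" % (offered,))


def plain_initial_response(user, password):
    """RFC 4616 PLAIN: authzid NUL authcid NUL passwd, base64 for XMPP."""
    return base64.b64encode(b"\0" + user.encode() + b"\0" + password.encode())


def scram_sha1_proof(password, salt_b64, iterations, auth_message):
    """RFC 5802 ClientProof (SASLprep skipped: ASCII passwords assumed)."""
    salted = hashlib.pbkdf2_hmac("sha1", password.encode(),
                                 base64.b64decode(salt_b64), iterations)
    client_key = hmac.new(salted, b"Client Key", hashlib.sha1).digest()
    stored_key = hashlib.sha1(client_key).digest()
    signature = hmac.new(stored_key, auth_message.encode(), hashlib.sha1).digest()
    proof = bytes(a ^ b for a, b in zip(client_key, signature))
    return base64.b64encode(proof)


# Constructed exchange using the published RFC 5802 section 5 sample values.
NONCE = "fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j"
AUTH_MESSAGE = ",".join([
    "n=user,r=fyko+d2lbbFgONRv9qkxdawL",          # client-first-message-bare
    "r=" + NONCE + ",s=QSXCR+Q6sek8bf92,i=4096",  # server-first-message
    "c=biws,r=" + NONCE,                          # client-final-without-proof
])

if __name__ == "__main__":
    wire_plain = plain_initial_response("user", "pencil")
    print("PLAIN on the wire :", wire_plain, "->", base64.b64decode(wire_plain))
    print("SCRAM proof       :", scram_sha1_proof("pencil", "QSXCR+Q6sek8bf92",
                                                  4096, AUTH_MESSAGE))
    print("chosen mechanism  :", choose_mechanism(["PLAIN", "SCRAM-SHA-1"]))
```

The proof changes with every nonce pair, so a captured SCRAM exchange cannot be replayed as a login, whereas a captured PLAIN response decodes directly to the password.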