mod_auth_external considered insecure

Matthew Wild

Feb 6, 2020, 4:13:42 PM
to Prosody IM Users Group, Prosody IM Developers Group
Hi folks,

This is a quick note to say that I have just renamed mod_auth_external
to mod_auth_external_insecure in prosody-modules as a result of a
couple of concerning reports of incorrect behaviour in some
circumstances.

I haven't been able to reproduce the behaviour locally, but given that
the module is not really maintained at this point and has a number of
issues, I'm making the call to explicitly deprecate it.

In anticipation of people depending on the module, I'm not ruling out a
potential replacement in the future, but it would likely be based on a
different design, drop compatibility with the old ejabberd protocol
and instead use a new and much more robust (and secure) protocol for
communication with the script.

However, I'd strongly encourage people to consider the many other auth
modules available in both prosody and prosody-modules, and whether one
of these might be a better option for your use-case.

Regards,
Matthew