opcua-asyncio
Server's UserManager interface is unusable when encryption enabled
When the server uses encryption for data transfer, the password parameter passed to the UserManager.get_user method is encoded and encrypted, so it is impossible to use this data for the user's authentication.
https://reference.opcfoundation.org/v104/Core/docs/Part4/7.36.4/ https://reference.opcfoundation.org/v104/Core/docs/Part4/7.36.2/#7.36.2.2
I'm confused. The spec excerpts you shared both demand the password to be encrypted, so that happening is not a mistake, but specified behavior. At the point the client authenticates, the encrypted channel is already established, so it also makes sense that it gets used. Do you mean to say that it doesn't get decrypted on server side early enough to be usable for authentication?
Do you mean to say that it doesn't get decrypted on server side early enough to be usable for authentication?
Exactly
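The step the thread says must happen before the password reaches UserManager.get_user, as an added example that is not opcua-asyncio's own code: unpacking the legacy encrypted token secret layout from Part 4, 7.36.2.2 and checking the server nonce. It assumes the RSA decryption with the server's private key has already been done; `parse_legacy_token_secret` and `build_sample_secret` are hypothetical names, and the sample password and nonce are constructed.

```python
import hmac
import struct


def parse_legacy_token_secret(plaintext: bytes, server_nonce: bytes) -> str:
    """Recover the password from an already-decrypted UserNameIdentityToken secret.

    Layout (Part 4, 7.36.2.2): UInt32 little-endian length, then the token
    data, then the last ServerNonce. The length covers token data plus nonce.
    """
    if len(plaintext) < 4:
        raise ValueError("secret shorter than its length prefix")
    (declared,) = struct.unpack_from("<I", plaintext)
    body = plaintext[4:4 + declared]
    if len(body) != declared:
        raise ValueError("declared length exceeds decrypted data")
    if declared < len(server_nonce):
        raise ValueError("secret too short to contain the server nonce")
    split = declared - len(server_nonce)
    token_data, nonce = body[:split], body[split:]
    # Constant-time compare; a mismatch means a stale or replayed token.
    if not hmac.compare_digest(nonce, server_nonce):
        raise ValueError("server nonce mismatch")
    return token_data.decode("utf-8")


def build_sample_secret(password: str, server_nonce: bytes) -> bytes:
    """Constructed input: the plaintext a client assembles before encrypting."""
    data = password.encode("utf-8") + server_nonce
    return struct.pack("<I", len(data)) + data


if __name__ == "__main__":
    nonce = bytes(range(32))  # constructed 32-byte server nonce
    secret = build_sample_secret("example-password", nonce)
    print(parse_legacy_token_secret(secret, nonce))
```

Only the string returned here is comparable against stored credentials; the raw token bytes are not.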