Topic Path: Symbol Reference > Classes > TIdSASLAnonymous Class
TIdSASLAnonymous Class

Implements the Anonymous SASL (Simple Authentication and Security Layer) Mechanism.

TIdSASLAnonymous = class(TIdSASL);

TIdSASLAnonymous is a TIdSASL descendant that implements the Anonymous SASL Mechanism, as described in the Internet Standards documents: 

RFC 2245 - Anonymous SASL Mechanism  

RFC 2222 - Simple Authentication and Security Layer (SASL)  

SASL authentication mechanism names must be registered with the IANA. The current list of registered SASL authentication mechanisms is located at: 

IANA Official Simple Authentication and Security Layer Mechanisms  

The Anonymous SASL mechanism consists of a single message from the client to the server. The client sends optional trace information in the form of a human readable string. The trace information should take one of three forms: 

  • an Internet email address
  • an opaque string which does not contain the '@' character and can be interpreted by the system administrator of the client domain
  • a blank value

The trace information used in Anonymous SASL is not authenticated - so it can be falsified. This can be used as an attempt to get someone else in trouble for access to questionable information. Administrators trying to trace abuse need to realize this information may be falsified. 

The Anonymous SASL mechanism grants access to information by anyone. For this reason it should be disabled by default so the administrator can make an explicit decision to enable it. 

A server which permits anonymous access will announce support for the ANONYMOUS mechanism, and allow anyone to log in using that mechanism, usually with restricted access. 

Protocols which fail to require an explicit anonymous login are more susceptible to break-ins given certain common implementation techniques. Normally such servers refuse all data access commands prior to explicit login and may enter a restricted security environment (e.g., the Unix chroot function) for anonymous users. Protocols which offer restricted data access should not allow anonymous data access without an explicit login step. 

TIdSASLAnonymous extends the ancestor class by implementing the ServiceName and StartAuthenticate methods specified in TIdSASL. TIdSASLAnonymous also include the TraceInfo property that represents the optional trace information for the authentication mechanism. 

During initialization of the component, TIdSASLAnonymous sets the SecurityLevel property to the value 0 (zero), indicating no security is provided as part of the authentication mechanism.

Copyright 1993-2006, Chad Z. Hower (aka Kudzu) and the Indy Pit Crew. All rights reserved.
Post feedback to the Indy Docs Newsgroup.