This is the FlashMQ log when attempting to connect from MQTT Explorer with only the IP entered and no username or password supplied:
[2024-06-16 11:17:00.755] [NOTICE] [main] Accepting connection from: address='192.168.88.250', transport='TCP/Non-SSL', fd=18
[2024-06-16 11:17:00.756] [NOTICE] [T 0] Removing client '[ClientID='', username='', fd=18, keepalive=10s, transport='TCP/Non-SSL', address='192.168.88.250', prot=3.1.1, clean=0]'. R
eason(s): Attempting anonymous login with zero byte username. See config option 'zero_byte_username_is_anonymous'.
The documentation for flashmq.conf config option zero_byte_username_is_anonymous is:
zero_byte_username_is_anonymous true/false
The proper way to signal an anonymous client is by setting the 'username present' flag in the CONNECT packet to 0, which in MQTT3 also demands the absence of a
password. However, there are also clients out there that set the 'username present' flag to 1 and then give an empty username. This is an undesirable situation,
because it means there are two ways to identify an anonymous client.
Anonymous clients are not authenticated against a loaded plugin when allow_anonymous is true. With this option enabled, that means users with empty string as user‐
names also aren't.
I spoke to the developer and he said:
What it does, is say the connect packet has a username, and then make it an empty string. I think that is different than saying the connect packet DOES NOT include a username. The latter makes it a true anon client.
This is the FlashMQ log when attempting to connect from MQTT Explorer with only the IP entered and no username or password supplied:
The documentation for
flashmq.conf
config optionzero_byte_username_is_anonymous
is:I spoke to the developer and he said: