[Apiman-user] Login failure message shows password in the clear

Leonard Dimaggio ldimaggi at redhat.com
Tue Jan 5 12:17:34 EST 2016


Hi Paul.

Which release of apiman are you using? Can you also attach a screenshot of
the Gateway as you are creating it?

Thanks!

On Tue, Jan 5, 2016 at 11:50 AM, Paul Blair <pblair at clearme.com> wrote:

> I'm setting up a new gateway in apiman. I put in the wrong password for
> the configuration endpoint credentials, and this is what I got on the "New
> Gateway" screen:
>
> *Gateway Configuration Invalid*
> Something has gone wrong when testing the Gateway. Hopefully the details
> (below) will help you figure out what.
>
> {"data":"<html><head><title>Error</title></head><body>Unauthorized</body></html>","status":401,"config":{"method":"PUT","transformRequest":[null],"transformResponse":[null],"data":{"name":"The Gateway","description":"Gateway to back-end services","configuration":"{\"endpoint\":\"https://[GATEWAY_URI]/apiman-gateway-api/\",\"username\":\"apimanager\",\*"password\":\"api-manager$65454\"*}","type":"REST"},"url":"https://[APIMAN_URI]/apiman/gateways","headers":{"Accept":"application/json, text/plain, */*","Content-Type":"application/json;charset=utf-8","Authorization":"Bearer [TOKEN]"}},"statusText":"Unauthorized"}
>
> Granted that only a mistaken password is shown, this still doesn't seem secure, and also makes me wonder if the credential may be exposed in other similar places. Should I raise an issue on this?


-- 
Len DiMaggio (ldimaggi at redhat.com)
JBoss by Red Hat
314 Littleton Road
Westford, MA 01886  USA
tel:  978.392.3179
cell: 781.472.9912
http://www.redhat.com
http://community.jboss.org/people/ldimaggio
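
An added example, not part of the original thread and not apiman's code: one way a UI could mask credentials in an error object shaped like the one quoted above before rendering it, covering both the password nested inside the JSON-encoded `configuration` string and the `Authorization` header. The key list and the names `redact` and `renderErrorDetails` are hypothetical, and the sample error is constructed.

```javascript
// Key names below are an assumption, not taken from apiman's source.
const SENSITIVE = /^(password|passwd|secret|token|authorization|api[-_]?key)$/i;
const MASK = "[REDACTED]";

// Copy `value`, masking sensitive keys. Strings that are themselves JSON
// (like the gateway "configuration" field) are parsed and redacted too.
function redact(value, depth = 0) {
  if (depth > 20) return MASK; // fail closed on pathological nesting
  if (Array.isArray(value)) return value.map((v) => redact(v, depth + 1));
  if (value !== null && typeof value === "object") {
    const out = {};
    for (const [key, v] of Object.entries(value)) {
      out[key] = SENSITIVE.test(key) ? MASK : redact(v, depth + 1);
    }
    return out;
  }
  if (typeof value === "string" && /^\s*[{[]/.test(value)) {
    try {
      return JSON.stringify(redact(JSON.parse(value), depth + 1));
    } catch (e) {
      return value; // not valid JSON: keep the string unchanged
    }
  }
  return value;
}

// Constructed sample shaped like the error in the report (values made up).
const sampleError = {
  data: "<html><body>Unauthorized</body></html>",
  status: 401,
  config: {
    method: "PUT",
    data: {
      name: "The Gateway",
      configuration: JSON.stringify({
        endpoint: "https://gateway.example/apiman-gateway-api/",
        username: "apimanager",
        password: "not-a-real-password",
      }),
      type: "REST",
    },
    headers: { Accept: "application/json", Authorization: "Bearer sample-token" },
  },
};

// Text that is safe to show in an error panel.
function renderErrorDetails(err) {
  return JSON.stringify(redact(err), null, 2);
}
```

Masking by key name is a display-side safeguard only; the request body still carries the credential, so the same filter belongs anywhere the error object is logged.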