On Tue, Jan 5, 2016 at 11:50 AM, Paul Blair <pblair@clearme.com> wrote:
I'm setting up a new gateway in apiman. I put in the wrong password for the configuration endpoint credentials, and this is what I got on the "New Gateway" screen:
Gateway Configuration InvalidSomething has gone wrong when testing the Gateway. Hopefully the details (below) will help you figure out what.{"data":"<html><head><title>Error</title></head><body>Unauthorized</body></html>","status":401,"config":{"method":"PUT","transformRequest":[null],"transformResponse":[null],"data":{"name":"The Gateway","description":"Gateway to back-end services","configuration":"{\"endpoint\":\"https://[GATEWAY_URI]/apiman-gateway-api/\",\"username\":\"apimanager\",\"password\":\"api-manager$65454\"}","type":"REST"},"url":"https://[APIMAN_URI]/apiman/gateways","headers":{"Accept":"application/json, text/plain, */*","Content-Type":"application/json;charset=utf-8","Authorization":"Bearer [TOKEN]"}},"statusText":"Unauthorized"}Granted that only a mistaken password is shown, this still doesn't seem secure, and also makes me wonder if the credential may be exposed in other similar places. Should I raise an issue on this?
_______________________________________________
Apiman-user mailing list
Apiman-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/apiman-user
--
Len DiMaggio (ldimaggi@redhat.com)
JBoss by Red Hat
314 Littleton Road
Westford, MA 01886 USA
tel: 978.392.3179
cell: 781.472.9912
http://www.redhat.com
http://community.jboss.org/people/ldimaggio
JBoss by Red Hat
314 Littleton Road
Westford, MA 01886 USA
tel: 978.392.3179
cell: 781.472.9912
http://www.redhat.com
http://community.jboss.org/people/ldimaggio