[Apiman-user] Login failure message shows password in the clear
Eric Wittmann
eric.wittmann at redhat.com
Tue Jan 5 12:30:13 EST 2016
Yes please raise a JIRA issue for this.
Thanks!
-Eric
On 1/5/2016 11:50 AM, Paul Blair wrote:
> I'm setting up a new gateway in apiman. I put in the wrong password for
> the configuration endpoint credentials, and this is what I got on the
> "New Gateway" screen:
>
> *Gateway Configuration Invalid*
> Something has gone wrong when testing the Gateway. Hopefully the details
> (below) will help you figure out what.
>
> {"data":"<html><head><title>Error</title></head><body>Unauthorized</body></html>","status":401,"config":{"method":"PUT","transformRequest":[null],"transformResponse":[null],"data":{"name":"The Gateway","description":"Gateway to back-end services","configuration":"{\"endpoint\":\"https://[GATEWAY_URI]/apiman-gateway-api/\",\"username\":\"apimanager\",\*"password\":\"api-manager$65454\"*}","type":"REST"},"url":"https://[APIMAN_URI]/apiman/gateways","headers":{"Accept":"application/json, text/plain, */*","Content-Type":"application/json;charset=utf-8","Authorization":"Bearer [TOKEN]"}},"statusText":"Unauthorized"}
>
> Granted that only a mistaken password is shown, this still doesn't seem
> secure, and also makes me wonder if the credential may be exposed in
> other similar places. Should I raise an issue on this?
>
>
>
>
> _______________________________________________
> Apiman-user mailing list
> Apiman-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/apiman-user
>
More information about the Apiman-user
mailing list