[Apiman-user] Login failure message shows password in the clear

Paul Blair pblair at clearme.com
Tue Jan 5 13:23:05 EST 2016


Ticket including screenshot is here:
https://issues.jboss.org/browse/APIMAN-876

Version is 1.1.9.Final.

On 1/5/16, 12:30 PM, "Eric Wittmann" <eric.wittmann at redhat.com> wrote:

>Yes please raise a JIRA issue for this.
>
>Thanks!
>
>-Eric
>
>On 1/5/2016 11:50 AM, Paul Blair wrote:
>> I'm setting up a new gateway in apiman. I put in the wrong password for
>> the configuration endpoint credentials, and this is what I got on the
>> "New Gateway" screen:
>>
>> *Gateway Configuration Invalid*
>> Something has gone wrong when testing the Gateway. Hopefully the details
>> (below) will help you figure out what.
>>
>> 
>>{"data":"<html><head><title>Error</title></head><body>Unauthorized</body>
>></html>","status":401,"config":{"method":"PUT","transformRequest":[null],
>>"transformResponse":[null],"data":{"name":"The
>>Gateway","description":"Gateway to back-end
>>services","configuration":"{\"endpoint\":\"https://[GATEWAY_URI]/apiman-g
>>ateway-api/\",\"username\":\"apimanager\",\*"password\":\"api-manager$654
>>54\"*}","type":"REST"},"url":"https://[APIMAN_URI]/apiman/gateways","head
>>ers":{"Accept":"application/json, text/plain,
>>*/*","Content-Type":"application/json;charset=utf-8","Authorization":"Bea
>>rer [TOKEN]"}},"statusText":"Unauthorized"}
>>
>> Granted that only a mistaken password is shown, this still doesn't seem
>> secure, and also makes me wonder if the credential may be exposed in
>> other similar places. Should I raise an issue on this?
>>
>>
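
Added example, not part of the original thread and not apiman's own code: one way a UI could scrub an error object like the one quoted above before showing it as "details". It redacts by key name and also looks inside string values that are themselves serialized JSON, since the password in the report sits inside the stringified `configuration` field. The names `redact`, `tryParseJson` and `SENSITIVE_KEY`, the key pattern, and the sample hosts and credentials are all assumptions constructed for illustration.

```javascript
// Added example (not apiman code): scrub secrets from an HTTP error object
// before it is rendered. Key pattern and names are illustrative assumptions.
const SENSITIVE_KEY = /passw(or)?d|secret|token|authorization|api[-_]?key/i;
const MASK = '[REDACTED]';

// A string may itself be serialized JSON (like "configuration" in the report).
function tryParseJson(value) {
  const s = value.trim();
  if (!(s.startsWith('{') || s.startsWith('['))) return undefined;
  try { return JSON.parse(s); } catch (e) { return undefined; }
}

function redact(value) {
  if (typeof value === 'string') {
    const parsed = tryParseJson(value);
    // Re-serialize so the field stays a JSON string, as in the original.
    return parsed === undefined ? value : JSON.stringify(redact(parsed));
  }
  if (value === null || typeof value !== 'object') return value;
  if (Array.isArray(value)) return value.map(redact);
  const out = {};
  for (const [key, v] of Object.entries(value)) {
    out[key] = SENSITIVE_KEY.test(key) ? MASK : redact(v);
  }
  return out;
}

// Constructed sample shaped like the error object quoted in the thread.
const sampleError = {
  data: '<html><body>Unauthorized</body></html>',
  status: 401,
  config: {
    method: 'PUT',
    data: {
      name: 'The Gateway',
      configuration: JSON.stringify({
        endpoint: 'https://gateway.example/apiman-gateway-api/',
        username: 'apimanager',
        password: 'constructed-not-real',
      }),
      type: 'REST',
    },
    url: 'https://manager.example/apiman/gateways',
    headers: { Accept: 'application/json', Authorization: 'Bearer constructed-token' },
  },
  statusText: 'Unauthorized',
};
console.log(JSON.stringify(redact(sampleError), null, 2));
```

A redactor that only checked top-level keys would leave the password visible here, because the parent key is `configuration` and the secret exists only inside its string value.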



