Posted to issues@camel.apache.org by "Claus Ibsen (JIRA)" <ji...@apache.org> on 2018/05/04 07:28:00 UTC

[jira] [Commented] (CAMEL-12480) HttpOperationFailedException exposes password when using basic auth with user:password@host notation

    [ https://issues.apache.org/jira/browse/CAMEL-12480?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16463490#comment-16463490 ] 

Claus Ibsen commented on CAMEL-12480:
-------------------------------------

Yeah, good point, it's also in camel-ahc, camel-netty-http, netty4-http. There is URISupport that has a method to mask, which we use in other places.

A PR to fix this is welcome.

> HttpOperationFailedException exposes password when using basic auth with user:password@host notation
> ----------------------------------------------------------------------------------------------------
>
>                 Key: CAMEL-12480
>                 URL: https://issues.apache.org/jira/browse/CAMEL-12480
>             Project: Camel
>          Issue Type: Bug
>          Components: camel-http-common
>    Affects Versions: 2.21.0
>            Reporter: Pascal Schumacher
>            Priority: Minor
>             Fix For: 2.20.4, 2.21.2, 2.22.0
>
>
> Simplified route:
> {code}
> from(inUri)
>             .toD("http4://user:password@host:port/path");
> {code}
> When an HttpOperationFailedException occurs, the message contains the unmasked password, e.g. "HTTP operation failed invoking http://user:password@host:port/path ..."
> I guess Camel should mask the password.



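The masking discussed in this thread, as an added example that is not part of the original messages and is not Camel's URISupport code: the password in a user:password@host URI is replaced before the URI is placed in an exception message. The class and method names, the mask string and the sample URIs are assumptions constructed for illustration.

```java
import java.util.regex.Pattern;

// Added illustration, not Camel source: class and method names are hypothetical.
public class MaskedUriDemo {

    // Matches "scheme://user:" and then the password, up to the last '@' of the
    // authority part, so a raw '@' or ':' inside the password is covered as well.
    private static final Pattern USERINFO_PASSWORD = Pattern.compile(
            "([a-zA-Z][a-zA-Z0-9+.-]*://[^/?#:@\\s]*:)[^/?#\\s]*(@)");

    /** Replaces the password of every user:password@host URI found in the text. */
    static String maskUserInfoPassword(String text) {
        if (text == null) {
            return null;
        }
        return USERINFO_PASSWORD.matcher(text).replaceAll("$1xxxxxx$2");
    }

    /** Hypothetical stand-in for an exception that reports the failing endpoint URI. */
    static class OperationFailedException extends Exception {
        OperationFailedException(String uri) {
            // Mask before building the message: the message is what reaches
            // logs, stack traces and error responses.
            super("HTTP operation failed invoking " + maskUserInfoPassword(uri));
        }
    }

    public static void main(String[] args) {
        // Constructed sample URIs: two with credentials, two that must stay unchanged.
        String[] samples = {
            "http://user:password@host:8080/path",
            "http://user:p@ss:word@host:8080/path",
            "http://user@host:8080/path",
            "http://host:8080/path?to=a@b.example",
        };
        for (String s : samples) {
            System.out.println(maskUserInfoPassword(s));
        }
        System.out.println(new OperationFailedException(samples[0]).getMessage());
    }
}
```

The URIs without a password (user only, or an '@' that appears only in the query string) pass through unchanged, which is the case a naive "everything before '@'" replacement gets wrong.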