You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@camel.apache.org by "Marco Zapletal (JIRA)" <ji...@apache.org> on 2014/07/09 16:09:05 UTC

[jira] [Created] (CAMEL-7587) MessageHistory stores passwords in plain text

Marco Zapletal created CAMEL-7587:
-------------------------------------

             Summary: MessageHistory stores passwords in plain text
                 Key: CAMEL-7587
                 URL: https://issues.apache.org/jira/browse/CAMEL-7587
             Project: Camel
          Issue Type: Bug
          Components: camel-core
    Affects Versions: 2.13.2
            Reporter: Marco Zapletal
            Priority: Minor


The MessageHistory feature currently keeps passwords in plain text in case they are part of the URI. 
MessageHelper.doDumpMessageHistoryStacktrace() does some sanitizing, but only for the from node - other nodes/processors are currently not sanitized. 
In order to prevent handling sensitive information in the message history in general, I would suggest to sanitize the URI already when storing a MessageHistory item. 



--
This message was sent by Atlassian JIRA
(v6.2#6252)