You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@camel.apache.org by "Claus Ibsen (Jira)" <ji...@apache.org> on 2021/09/18 07:11:00 UTC
[jira] [Updated] (CAMEL-16403) camel-core - URI parsing sensitive
keys
[ https://issues.apache.org/jira/browse/CAMEL-16403?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Claus Ibsen updated CAMEL-16403:
--------------------------------
Fix Version/s: (was: 3.12.0)
3.13.0
> camel-core - URI parsing sensitive keys
> ---------------------------------------
>
> Key: CAMEL-16403
> URL: https://issues.apache.org/jira/browse/CAMEL-16403
> Project: Camel
> Issue Type: Improvement
> Components: camel-core
> Reporter: Claus Ibsen
> Assignee: Claus Ibsen
> Priority: Major
> Fix For: 3.13.0
>
>
> With SensitiveUtils we know have a full list of known property names that are sensitive.
> We can use this in endpoint uri parsing to know that its value should be used as-is (eg like it was RAW( ))
> Thought with RAW() there is still some decoding due to URI invalid chars, eg you can't have special chars in the uri, so they get decimal encoded.
> Another approach: We could also just generate a random uuid as placeholder for the value, which is backed in some internal registry/vault which then is used to lookup the actual value, when in use.
> However the uri may be used to call external service, like a http / ftp with username:password combination, so you may want an uri representation with the actual value. Likewise if there is some api tokens in the uri.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)