You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@camel.apache.org by "Willem Jiang (JIRA)" <ji...@apache.org> on 2015/04/23 09:52:38 UTC
[jira] [Commented] (CAMEL-8607) Camel endpoint RAW password unsafe
characters
[ https://issues.apache.org/jira/browse/CAMEL-8607?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14508615#comment-14508615 ]
Willem Jiang commented on CAMEL-8607:
-------------------------------------
The encoding issue is fixed in CAMEL-8649, I will clean up the warning log to avoid logging the username/password.
> Camel endpoint RAW password unsafe characters
> ---------------------------------------------
>
> Key: CAMEL-8607
> URL: https://issues.apache.org/jira/browse/CAMEL-8607
> Project: Camel
> Issue Type: Bug
> Components: camel-core
> Affects Versions: 2.15.1
> Environment: java version "1.7.0_45", Linux, Mac
> Reporter: Hani ElHaffar
> Assignee: Willem Jiang
> Fix For: 2.16.0
>
>
> I am creating a camel endpoint such as this (somehost/someport/baseurl have been replaced):
> https4://somehost:someport/baseurl?authenticationPreemptive=true&authPassword=RAW(foo%bar)&authUsername=RAW(username)
> This causes camel to log the entire endpoint, including the user/password:
> (DefaultComponent.java:67) - Supplied URI 'https4://somehost:someport/baseurl?authenticationPreemptive=true&authPassword=RAW(foo%bar)&authUsername=RAW(username)' contains unsafe characters, please check encoding
> Consider:
> -It is a security issue to log the username/password
> -Specifiying RAW would allow for special characters, specifically for passwords, as indicated here : https://camel.apache.org/configuring-camel.html, but it seems that UnsafeUriCharactersEncoder is not handling them appropriately.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)