You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@camel.apache.org by GitBox <gi...@apache.org> on 2020/10/06 06:29:21 UTC

[GitHub] [camel] JiriOndrusek commented on pull request #4361: CAMEL-15619 camel-shiro: allow custom implementation of serialization

JiriOndrusek commented on pull request #4361:
URL: https://github.com/apache/camel/pull/4361#issuecomment-704059925


   @davsclaus Yes, I thought so also. But then I've realized that right after serialization (which is not public and used only in the helper) there is an encryption executed by shiro - https://github.com/apache/camel/pull/4361/files#diff-59c23bcaba4eb76a764b9ffa34575a0aR35  From that perspective it doesn't seem necessary to encrypt it once more...
   WDYT?
   
   (original code was sending string like this: ��sr<org.apache.camel.component.shiro.security.ShiroSecurityTokenoE��6�%MLpasswordtLjava/lang/String;Lusernameq~xptstarrtringo - so it was also possible to see username/password in plain text)


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org