You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@syncope.apache.org by Ravindra Singareddy <si...@hotmail.com> on 2017/11/24 05:21:46 UTC

Password in Clear Text in User Registration

Hi All,
Is any way to suppress password field not to display in registration restful call? Here is the request is seen in the client call.

ID: 2
Address: http://localhost:8080/syncope/rest/users?storePassword=true
Http-Method: POST
Content-Type: application/json
Headers: {X-Syncope-Domain=[Master], Authorization=[Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJqdGkiOiJhZjRjMjcwMS0xMjNhLTRjNTgtOGMyNy0wMTEyM2FmYzU4OWQiLCJzdWIiOiJhZG1pbiIsImlhdCI6MTUxMTQ5MjA1NywiaXNzIjoiQXBhY2hlU3luY29wZSIsImV4cCI6MTUxMTQ5OTI1NywibmJmIjoxNTExNDkyMDU3fQ.zMSMWxw6I4FrD2Y4oSioF3bnCGpDWEZOlPnosDgjl5xa1v9W3Z_GhqZh9ikJpIIAM3nVMNSuMx6gDzXKJHQ-ZQ], Content-Type=[application/json], Accept=[application/json], Accept-Encoding=[gzip;q=1.0, identity; q=0.5, *;q=0]}
Payload: {"@class":"org.apache.syncope.common.lib.to.UserTO","creator":"admin","creationDate":"2017-11-24T04:53:16.004+0000","lastModifier":null,"lastChangeDate":null,"key":null,"type":"USER","realm":"/","status":null,"password":"xxxxxxxx”

Thanks

Ravi

Re: Password in Clear Text in User Registration

Posted by Francesco Chicchiriccò <il...@apache.org>.

On 24/11/2017 06:21, Ravindra Singareddy wrote:
>
> Hi All,
>
> Is any way to suppress password field not to display in registration 
> restful call? Here is the request is seen in the client call.
>

Hi Ravi,
of course this is not possible, unless you don't want to set a password 
for the user being created.

Regards.

> ID: 2
>
> Address: http://localhost:8080/syncope/rest/users?storePassword=true
>
> Http-Method: POST
>
> Content-Type: application/json
>
> Headers: {X-Syncope-Domain=[Master], Authorization=[Bearer 
> eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJqdGkiOiJhZjRjMjcwMS0xMjNhLTRjNTgtOGMyNy0wMTEyM2FmYzU4OWQiLCJzdWIiOiJhZG1pbiIsImlhdCI6MTUxMTQ5MjA1NywiaXNzIjoiQXBhY2hlU3luY29wZSIsImV4cCI6MTUxMTQ5OTI1NywibmJmIjoxNTExNDkyMDU3fQ.zMSMWxw6I4FrD2Y4oSioF3bnCGpDWEZOlPnosDgjl5xa1v9W3Z_GhqZh9ikJpIIAM3nVMNSuMx6gDzXKJHQ-ZQ], 
> Content-Type=[application/json], Accept=[application/json], 
> Accept-Encoding=[gzip;q=1.0, identity; q=0.5, *;q=0]}
>
> Payload: 
> {"@class":"org.apache.syncope.common.lib.to.UserTO","creator":"admin","creationDate":"2017-11-24T04:53:16.004+0000","lastModifier":null,"lastChangeDate":null,"key":null,"type":"USER","realm":"/","status":null,"password":"xxxxxxxx”
>
> Thanks
>
> Ravi
>
-- 
Francesco Chicchiriccò

Tirasa - Open Source Excellence
http://www.tirasa.net/

Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/