[
https://issues.apache.org/jira/browse/QPID-6365?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Keith Wall updated QPID-6365:
-----------------------------
Description: In the REST API, the values of secure management attributes
are currently provided to authenticated users if "actuals" request parameter is
set to true. This means if the user is using an insecure HTTP transport, the
secure value will go over the wire unencrypted. (was: The values of secure
management attributes are provided via REST interfaces if "actuals" request
parameter is set to true.)
> [Java Broker] Secure management attributes need to be masked all the time
> -------------------------------------------------------------------------
>
> Key: QPID-6365
> URL: https://issues.apache.org/jira/browse/QPID-6365
> Project: Qpid
> Issue Type: Bug
> Components: Java Broker
> Affects Versions: 0.30
> Reporter: Alex Rudyy
> Assignee: Keith Wall
> Fix For: 0.31
>
>
> In the REST API, the values of secure management attributes are currently
> provided to authenticated users if "actuals" request parameter is set to
> true. This means if the user is using an insecure HTTP transport, the secure
> value will go over the wire unencrypted.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
