Hani ElHaffar created CAMEL-8607:
------------------------------------
Summary: Camel endpoint RAW password unsafe characters
Key: CAMEL-8607
URL: https://issues.apache.org/jira/browse/CAMEL-8607
Project: Camel
Issue Type: Bug
Components: camel-core
Affects Versions: 2.15.1
Environment: java version "1.7.0_45", Linux, Mac
Reporter: Hani ElHaffar
I am creating a camel endpoint such as this (somehost/someport/baseurl have
been replaced):
https4://somehost:someport/baseurl?authenticationPreemptive=true&authPassword=RAW(foo%bar)&authUsername=RAW(username)
This causes camel to log the entire endpoint, including the user/password:
(DefaultComponent.java:67) - Supplied URI
'https4://somehost:someport/baseurl?authenticationPreemptive=true&authPassword=RAW(foo%bar)&authUsername=RAW(username)'
contains unsafe characters, please check encoding
Consider:
- It is a security issue to log the username/password
- Specifying RAW would allow for special characters, specifically for
passwords, as indicated here: https://camel.apache.org/configuring-camel.html,
but it seems that UnsafeUriCharactersEncoder is not handling them appropriately.
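One way to keep such credentials out of a log line, as an added example (not Camel's code and not part of the report): mask the values of the sensitive query parameters before the URI is handed to a logger. The class name `UriLogMasker` and its key list are assumptions made for illustration.

```java
import java.util.regex.Pattern;

// Added example; UriLogMasker is a hypothetical helper, not a Camel class.
public final class UriLogMasker {

    // Query keys treated as secret. authPassword and authUsername come from
    // the report; extending the list for other components is an assumption.
    private static final String KEYS = "authPassword|authUsername";

    // Group 1 captures the separator, the key and '='. The value is either
    // RAW(...) running to a ')' that is followed by '&' or end of string
    // (so '&', '%' and ')' inside the secret are covered), or a plain value
    // running to the next '&'.
    private static final Pattern SECRET = Pattern.compile(
            "([?&](?:" + KEYS + ")=)(?:RAW\\(.*?\\)(?=&|$)|[^&]*)");

    private UriLogMasker() { }

    // Returns the URI with every sensitive value replaced by a fixed mask.
    public static String mask(String uri) {
        if (uri == null) {
            return null;
        }
        return SECRET.matcher(uri).replaceAll("$1xxxxxx");
    }

    public static void main(String[] args) {
        // The URI from the report, placeholders kept as written there.
        String reported = "https4://somehost:someport/baseurl"
                + "?authenticationPreemptive=true"
                + "&authPassword=RAW(foo%bar)&authUsername=RAW(username)";
        System.out.println("Supplied URI '" + mask(reported) + "'");

        // Constructed case: the secret itself contains '&' and ')'.
        String tricky = "https4://somehost/baseurl?authPassword=RAW(a&b)c)&x=1";
        System.out.println("Supplied URI '" + mask(tricky) + "'");
    }
}
```

The mask is applied to the string that is logged only; the endpoint is still created from the original URI.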