[
https://issues.apache.org/jira/browse/CAMEL-8607?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Willem Jiang resolved CAMEL-8607.
---------------------------------
Resolution: Fixed
Applied the patch into camel master, camel-2.15.x and camel-2.14.x branches.
> Camel endpoint RAW password unsafe characters
> ---------------------------------------------
>
> Key: CAMEL-8607
> URL: https://issues.apache.org/jira/browse/CAMEL-8607
> Project: Camel
> Issue Type: Bug
> Components: camel-core
> Affects Versions: 2.15.1
> Environment: java version "1.7.0_45", Linux, Mac
> Reporter: Hani ElHaffar
> Assignee: Willem Jiang
> Fix For: 2.14.3, 2.15.2, 2.16.0
>
>
> I am creating a camel endpoint such as this (somehost/someport/baseurl have
> been replaced):
> https4://somehost:someport/baseurl?authenticationPreemptive=true&authPassword=RAW(foo%bar)&authUsername=RAW(username)
> This causes camel to log the entire endpoint, including the user/password:
> (DefaultComponent.java:67) - Supplied URI
> 'https4://somehost:someport/baseurl?authenticationPreemptive=true&authPassword=RAW(foo%bar)&authUsername=RAW(username)'
> contains unsafe characters, please check encoding
> Consider:
> -It is a security issue to log the username/password
> -Specifiying RAW would allow for special characters, specifically for
> passwords, as indicated here :
> https://camel.apache.org/configuring-camel.html, but it seems that
> UnsafeUriCharactersEncoder is not handling them appropriately.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
