[
https://issues.apache.org/jira/browse/NIFI-5489?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16634295#comment-16634295
]
ASF GitHub Bot commented on NIFI-5489:
--------------------------------------
Github user alopresto commented on the issue:
https://github.com/apache/nifi/pull/2936
Hi @lukepfarrar , we have a policy of not evaluating EL in password fields.
Here is [an example of that review
process](https://github.com/apache/nifi/pull/3020#discussion_r219712821) and
the reasoning behind it on another PR.
> Our policy so far has been that passwords do not support expression
language, for a couple reasons:
> 1. How to evaluate if a password `abc${def}` should be interpreted as
`abc` + *the value of(`def`)* or the literal string `abc${def}`
> 1. The variable registry is not designed to store sensitive values
securely, so if a password is stored here, it can be accessed by an
unauthorized user
> Support Attribute Expressions with AMQP Processors
> --------------------------------------------------
>
> Key: NIFI-5489
> URL: https://issues.apache.org/jira/browse/NIFI-5489
> Project: Apache NiFi
> Issue Type: Improvement
> Affects Versions: 1.7.1
> Reporter: Daniel
> Priority: Major
> Fix For: 1.8.0
>
>
> Particularly the fields: host, virtualhost and username.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
