[QPID-6365] [Java Broker] Secure management attributes need to be masked all the time - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 0.30
Fix Version/s: 0.31
Component/s: Broker-J
Labels:
None

Description

In the REST API, the values of secure management attributes are currently provided to authenticated users if "actuals" request parameter is set to true. This means if the user is using an insecure HTTP transport, the secure value will go over the wire unencrypted.

Attachments

Activity

People

Assignee:: Keith Wall

Reporter:: Alex Rudyy

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 06/Feb/15 11:30

Updated:: 16/Feb/15 16:26

Resolved:: 16/Feb/15 16:23