Uploaded image for project: 'Qpid'
  1. Qpid
  2. QPID-6365

[Java Broker] Secure management attributes need to be masked all the time

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 0.30
    • Fix Version/s: 0.31
    • Component/s: Broker-J
    • Labels:
      None

      Description

      In the REST API, the values of secure management attributes are currently provided to authenticated users if "actuals" request parameter is set to true. This means if the user is using an insecure HTTP transport, the secure value will go over the wire unencrypted.

        Attachments

          Activity

            People

            • Assignee:
              kwall Keith Wall
              Reporter:
              orudyy Alex Rudyy
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: