apiman (API Management) / APIMAN-302

For a basic authentication policy, and using the default H2 database, the passwords are written to the DB in clear text


    • Type: Bug
    • Resolution: Done
    • Priority: Critical
    • 1.1.3.Final, 1.1.x
    • None
    • None
    • None

      $ strings data/h2/apiman-manager-api.h2.db | grep secret_password
      {"realm":"Echo", "forwardIdentityHttpHeader":"X-Identity", "staticIdentity":{"identities":[
      {"username":"user1", "password":"admin123!", "isHash":false},
      {"username":"user2", "password":"secret_password", "isHash":false}
      ]}, "ldapIdentity":null, "jdbcIdentity":null}

              ewittman@redhat.com Eric Wittmann
              ldimaggi@redhat.com Len DiMaggio
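An added example, not part of the original issue or apiman's own code: a Python check that scans raw database bytes for basic-authentication policy configurations in the JSON shape shown in the report and lists the realm and username of every static identity stored with "isHash":false, without echoing the password. The function name, the `{"realm"` marker heuristic and the sample bytes are constructed for illustration, and the check assumes the configuration is stored as contiguous single-byte text, as the `strings` output suggests.

```python
import json

MARKER = '{"realm"'  # assumed start of a policy config, as in the issue's output

def find_cleartext_identities(blob: bytes):
    """Return (realm, username) pairs for static identities with isHash false.

    Passwords are deliberately never returned or printed.
    """
    text = blob.decode("latin-1")  # one byte per char; never fails on binary data
    decoder = json.JSONDecoder()
    findings = []
    pos = text.find(MARKER)
    while pos != -1:
        try:
            config, end = decoder.raw_decode(text, pos)
        except json.JSONDecodeError:
            # Truncated or split record: skip this candidate and keep scanning.
            pos = text.find(MARKER, pos + 1)
            continue
        static = config.get("staticIdentity")
        identities = static.get("identities") if isinstance(static, dict) else None
        for ident in identities or []:
            if not isinstance(ident, dict):
                continue
            if ident.get("password") and not ident.get("isHash", False):
                findings.append((config.get("realm"), ident.get("username")))
        pos = text.find(MARKER, end)
    return findings

# Constructed sample: binary padding around three complete configs and one cut off.
SAMPLE = (
    b"\x00\x01H2pg\xff"
    b'{"realm":"Echo", "forwardIdentityHttpHeader":"X-Identity", '
    b'"staticIdentity":{"identities":['
    b'{"username":"user1", "password":"admin123!", "isHash":false},'
    b'{"username":"user2", "password":"secret_password", "isHash":false}'
    b']}, "ldapIdentity":null, "jdbcIdentity":null}'
    b"\x00\x7f"
    b'{"realm":"Hashed", "staticIdentity":{"identities":['
    b'{"username":"user3", "password":"<constructed-digest>", "isHash":true}'
    b']}, "ldapIdentity":null, "jdbcIdentity":null}'
    b"\x10"
    b'{"realm":"Ldap", "staticIdentity":null, "ldapIdentity":{}}'
    b'{"realm":"Cut", "staticIdentity":{"identi'
)

if __name__ == "__main__":
    for realm, user in find_cleartext_identities(SAMPLE):
        print(f"cleartext password stored for user {user!r} in realm {realm!r}")
```

To check a real file, pass its contents, for example `find_cleartext_identities(open(path, "rb").read())`.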