Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

DB Password in clear text in the admin api response #1745

Closed
kkindaface opened this issue Oct 13, 2016 · 3 comments
Closed

DB Password in clear text in the admin api response #1745

kkindaface opened this issue Oct 13, 2016 · 3 comments

Comments

@kkindaface
Copy link

Summary

http://127.0.0.1:8001/ displays the admin configs. The password field: pg_password (may be cassandra_password) come back in clear text. The same fields shows up as asterisk in the console logs. I think the behavior should be the same in both places.

Additional Details & Logs

  • Kong version : 0.9.3
@thibaultcha
Copy link
Member

Hi!

Sorry for the response delay, we've been quite busy today since we are hosting the 2016 Lua workshop at Mashape.

What you are referring to has been fixed in #1650, but was not released yet. sadly 0.9.3 only contains an important hotfix and Serf 0.8 compatibility. It will be part of the next 0.10 release for sure!

@kkindaface
Copy link
Author

Awesome, thanks! Do you know the ETA for 0.10?

@Tieske
Copy link
Member

Tieske commented Oct 15, 2016

planning first RC by end of October

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@Tieske @thibaultcha @kkindaface