[rabbitmq-discuss] Leaking upstream credentials into federated messages' x-received-from header

Matthias Radestock matthias at rabbitmq.com
Mon Mar 11 18:10:54 GMT 2013


On 11/03/13 18:03, Simon MacMullen wrote:
> On 11/03/13 17:22, James Gardner wrote:
>> I was frankly shocked to see that in the x-received-from header
>> that is inserted into the re-published messages, one of the
>> subcomponents is called 'uri' and [...] includes the
>> username and most worryingly, the plain text password!
>
> That noise you can hear is me banging my head against the desk. I can't
> believe we didn't think of that.

FWIW, this bug was introduced in 3.0.0. Prior versions are fine.

Matthias.
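
Added example, not part of the original thread and not RabbitMQ code: a consumer-side check that finds and redacts userinfo in the 'uri' subcomponent of x-received-from before headers are logged or passed on. It assumes the client library decodes the header to a list of dicts with a string 'uri'; the function names, the 'exchange' key and the sample values are constructed for illustration.

```python
from urllib.parse import urlsplit, urlunsplit


def strip_userinfo(uri):
    """Return (uri_without_userinfo, had_password) for e.g. amqp://user:pw@host/vhost."""
    parts = urlsplit(uri)
    # rpartition splits on the last '@', so an unescaped '@' in the password is handled.
    userinfo, at, hostport = parts.netloc.rpartition("@")
    if not at:
        return uri, False
    return urlunsplit(parts._replace(netloc=hostport)), ":" in userinfo


def scrub_received_from(headers):
    """Return (scrubbed_headers, findings); the input dict is not modified.

    Assumption: x-received-from is a list of per-hop dicts with a 'uri' key.
    """
    hops = headers.get("x-received-from")
    if not isinstance(hops, list):
        return dict(headers), []
    findings, clean_hops = [], []
    for index, hop in enumerate(hops):
        if isinstance(hop, dict) and isinstance(hop.get("uri"), str):
            clean, had_password = strip_userinfo(hop["uri"])
            if clean != hop["uri"]:
                # Record which hop leaked, never the secret itself.
                findings.append({"hop": index, "uri": clean, "password": had_password})
            hop = {**hop, "uri": clean}
        clean_hops.append(hop)
    return {**headers, "x-received-from": clean_hops}, findings


# Constructed sample headers (not captured from a real broker).
SAMPLE_HEADERS = {
    "x-received-from": [
        {"uri": "amqp://fed_user:s3cret@upstream.example:5672/%2F", "exchange": "events"},
        {"uri": "amqp://upstream2.example", "exchange": "events"},
    ]
}

if __name__ == "__main__":
    scrubbed, findings = scrub_received_from(SAMPLE_HEADERS)
    for finding in findings:
        print("credentials in x-received-from hop", finding["hop"], "->", finding["uri"])
```

Any finding means the upstream password has already reached downstream consumers, so the credential should be treated as exposed rather than only hidden from logs.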

