Mask passwords with JSONPath issue

mrios
New Member

Hi,

I'm adding to the organization level a mask for passwords. The XML looks like this:

<MaskDataConfiguration name="default">
    <JSONPathsRequest>
        <JSONPathRequest>$..password.</JSONPathRequest>
        <JSONPathRequest>$..oldPassword.</JSONPathRequest>
        <JSONPathRequest>$..newPassword.</JSONPathRequest>
    </JSONPathsRequest>
    <JSONPathsResponse>
        <JSONPathResponse>$..password.</JSONPathResponse>
        <JSONPathResponse>$..oldPassword.</JSONPathResponse>
        <JSONPathResponse>$..newPassword.</JSONPathResponse>
    </JSONPathsResponse>
    <Variables>
        <Variable>ServiceCallout.request</Variable>
        <Variable>request.formparam.password</Variable>
    </Variables>
</MaskDataConfiguration>

Using that description for the mask, I noticed that if you have a JSON request that looks like this:

{ "email": "user@abc.com", "password": "password"}

on the Edge I see this:

{ "email": "user@abc.com", "**********":"**********"}

from which it is quite easy to infer the password 🙂

So, is that an expected behavior on the Edge or is it a bug?

Thanks,

Matias

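A value-only mask for the three field names in the configuration above, together with an audit that compares a request body with what ended up in a trace or log. This is an added example, not part of the original post and not Apigee's implementation. `REQUEST` and `OBSERVED` are copied from the post; `NESTED`, `mask_values`, `masked_text`, `leaf_paths` and `audit` are hypothetical names and constructed data.

```python
import json

SENSITIVE_KEYS = {"password", "oldPassword", "newPassword"}  # names from the post's config
MASK = "*" * 10  # fixed width, so the mask does not reveal the secret's length
REQUEST = '{ "email": "user@abc.com", "password": "password"}'  # body from the post
OBSERVED = '{ "email": "user@abc.com", "**********":"**********"}'  # trace from the post
NESTED = ('{"user": {"email": "user@abc.com", "credentials": '  # constructed sample
          '[{"oldPassword": "a", "newPassword": "correct horse battery staple"}]}}')

def mask_values(node):
    """Mask the value of every sensitive key at any depth; keys stay readable."""
    if isinstance(node, dict):
        return {k: MASK if k in SENSITIVE_KEYS else mask_values(v) for k, v in node.items()}
    if isinstance(node, list):
        return [mask_values(v) for v in node]
    return node

def masked_text(text):
    return json.dumps(mask_values(json.loads(text)))

def leaf_paths(node, path="$"):
    """Map each path to its leaf; a sensitive key is a leaf whatever it holds."""
    out = {}
    if isinstance(node, dict):
        for k, v in node.items():
            out.update({f"{path}.{k}": v} if k in SENSITIVE_KEYS else leaf_paths(v, f"{path}.{k}"))
    elif isinstance(node, list):
        for i, v in enumerate(node):
            out.update(leaf_paths(v, f"{path}[{i}]"))
    else:
        out[path] = node
    return out

def audit(original_text, logged_text):
    """Compare a request body with its logged form; return sorted findings."""
    original = leaf_paths(json.loads(original_text))
    logged = leaf_paths(json.loads(logged_text))
    findings = []
    for path, value in original.items():
        sensitive = path.rsplit(".", 1)[-1] in SENSITIVE_KEYS
        if path not in logged:
            findings.append(f"key changed or dropped: {path}")
        elif sensitive and logged[path] != MASK:
            findings.append(f"value not masked: {path}")
        elif not sensitive and logged[path] != value:
            findings.append(f"non-sensitive value altered: {path}")
    return sorted(findings)

if __name__ == "__main__":
    print(audit(REQUEST, OBSERVED))  # flags the replaced key name from the post's trace
```

The audit works on parsed paths rather than substring search, because in the post's sample the secret value is the same string as the key name `password`.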