This repository was archived by the owner on May 14, 2025. It is now read-only.
Sanitize the history and exposed configuration #4964
Comments
github-actions
bot
added
the
status/need-triage
corneil
added
status/in-progress
corneil
pushed a commit
that referenced
this issue
Jun 30, 2022
This was referenced Jul 1, 2022
Merged
onobc
pushed a commit
that referenced
this issue
Jul 1, 2022
|
Merged on Main and 2.9.x |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Hi guys,
Today I've seen another service who's exposing credentials or secrets.
From the dashboard on the stream deployment page, when a stream is deployed the dashboard retrieve stream history and manifests... informations are not hidden from services responses and displayed as is.
Get Deployment History i think, I'll check, https://docs.spring.io/spring-cloud-dataflow/docs/current/reference/htmlsingle/#api-guide-resources-stream-deployment-history
So i think that is more secure to create a http filter or a HandlerInterceptor to intercept all responses and sanitize them apart from the audit ?
Originally posted by @Hassen-BENNOUR in #4947 (comment)
The text was updated successfully, but these errors were encountered: