[Sblim-issues] [ sblim-Bugs-2979048 ] Check credential info for indication handler

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Bugs item #2979048, was opened at 2010-03-29 20:43
Message generated for change (Tracker Item Submitted) made by jpowell_vmw
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=712784&aid=2979048&group_id=128809

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: sfcb
Group: Security
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: John Powell (jpowell_vmw)
Assigned to: Chris Buccella (buccella)
Summary: Check credential info for indication handler

Initial Comment:
CIM_IndicationHandlerCIMXML class ship Destination property for listener address, it is a URL string. Before sfcbd didn't check if it is in the format of http(s)://USER:PASSWORD@ADDRESS:PORT/, if this kind of URL coming, special like root:CENSORED@localhost, any read access user can see the CENSORED information. Fix it that when create CIM_IndicationHandlerCIMXML instance, judge the string of URL, reject if it contain any password information.

----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=712784&aid=2979048&group_id=128809