Ask Question
« General Questions on Nuxeo

REST API : access to encrypted (or not) user passwords

I m into coding a one page application using the REST API, Auth being managed by token auth. I was quite surprised to discover that the user endpoint gives access to users passwords to any user using the API ! Could this user attribute be reserved to admin accounts just like in the web UI ?

pibou Bouvret
Member (8.9K)   4   7   10 		09/20/2016 ( History)
0 votes
1 answers
1561 views
ANSWER
ANSWERS

Hi,

A fix for this is included in Nuxeo 6.0-HF31, you should apply the hotfix.

Florent Guillaume
Member (36K)   6   8   8 		09/20/2016 ( History)
0 votes
Follow
Tags
Linked Questions
Related Questions
Authentication to REST API with OAuth2
Connection with multidirectory
Programmatically logging-in within a OpenURL WebEngine Project
Create user with password
Authentication and Automation APIs
API from CURL vs from Python
How can I use token auth "à la Nuxeo Drive" for using the REST API ?
Error in log : principal Administrator does not exist
Cannot login when anonymous user is activated