#readteam

Neil Craig

Of course, there are other ways to configure sensitive values but I don't think it's necessarily obvious or front of mind when updating config and I honestly can't see (as someone who configures multiple services on Akamai regularly) why this feature is needed.
Unsure if it can be disabled or auth'd but I don't see any way to do that.
There are some docs which cover it a little bit: https://techdocs.akamai.com/download-delivery/docs/test-your-dd-property#4-install-an-extension.
Just thought it might not be common knowledge.
2/2
#Akamai #InfoSec #ReadTeam #BlueTeam

Neil Craig

Akamai has what I personally think is a seriously risky mechanism for debugging HTTP requests/responses. You can send an HTTP request header of `pragma: akamai-x-get-extracted-values` for a URL served via Akamai & it'll return `x-akamai-session-info` response headers which include user-defined config variables - that's where the main risk is IMO. People may well not realise this feature exists & use the vars for sensitive info e.g. backend auth keys.
1/2
#Akamai #InfoSec #ReadTeam #BlueTeam
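
An added example, not part of the posts above: a Python audit that an operator could run against a property they manage to see which user-defined variables come back in `x-akamai-session-info` headers, reporting names and value lengths only. The `name=...; value=...` header layout, the `PMUSER_` prefix for user-defined variables, the function names and the sample headers are assumptions of this example.

```python
import re
import urllib.request

# Assumed layout of each x-akamai-session-info header: "name=<VAR>; value=<VAL>"
PAIR = re.compile(r"name=(?P<name>[^;]+);\s*value=(?P<value>.*)", re.S)
USER_PREFIX = "PMUSER_"  # assumption: prefix of user-defined property variables
SECRET_HINT = re.compile(r"KEY|SECRET|TOKEN|PASS|AUTH|CRED", re.I)


def exposed_user_variables(headers):
    """Return one finding per non-empty user-defined variable echoed in the headers."""
    findings = []
    for hname, hvalue in headers:
        if hname.lower() != "x-akamai-session-info":
            continue
        match = PAIR.match(hvalue.strip())
        if not match:
            continue
        name = match.group("name").strip()
        value = match.group("value").strip()
        if name.startswith(USER_PREFIX) and value:
            # Record the length, never the value, so the report is safe to share.
            findings.append({"name": name, "length": len(value),
                             "secret_like": bool(SECRET_HINT.search(name))})
    return findings


def fetch_debug_headers(url, timeout=10):
    """Request a URL on a property you operate with the debug pragma set."""
    req = urllib.request.Request(
        url, headers={"Pragma": "akamai-x-get-extracted-values"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.getheaders()  # list of (header, value) pairs


# Constructed sample response headers (not captured from a real property).
SAMPLE_HEADERS = [
    ("Content-Type", "text/html"),
    ("X-Akamai-Session-Info", "name=AKA_PM_EXAMPLE_BUILTIN; value=true"),
    ("X-Akamai-Session-Info", "name=PMUSER_ORIGIN_AUTH_KEY; value=constructed-example-value"),
    ("X-Akamai-Session-Info", "name=PMUSER_COUNTRY; value=GB"),
    ("X-Akamai-Session-Info", "name=PMUSER_UNUSED; value="),
]

if __name__ == "__main__":
    for f in exposed_user_variables(SAMPLE_HEADERS):
        flag = "REVIEW" if f["secret_like"] else "info"
        print(f"[{flag}] {f['name']} exposed ({f['length']} chars)")
```

To audit a live property, pass the result of `fetch_debug_headers()` for one of your own hostnames to `exposed_user_variables()` and treat every `secret_like` finding as a credential to rotate and move out of the variable.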