search cancel

PAM escapes the forward slash ‘/’ with a backslash ‘\’ like this ‘\/’ - this does not follow JSON spec

book

Article ID: 257422

calendar_today

Updated On:

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

A customer pointed that API Key processing in PAM escapes a forward slash with a backslash. The customer indicated escaping of forward slash seems to violate the JSON specification. The customer's application had issues when a password that escaped forward slash was returned. This document discusses this issue and concludes that PAM's escaping of forward slash is not a violation of the JSON spec.  In addition, a resolution solution is shared.

 

Environment

Release : All supported versions of PAM

Cause

Request For Information

Resolution

Broadcom Engineering completed its research into this issue and concluded the following.

1. JSON spec does not mandate that forward slash not be escaped. The spec actually states that some fields may be escaped and forward slash is one of them. Hence while the JSON spec does not require forward slashes to be escaped, it does permit it.

2.  Google search shows that many JSON parsers also escape the forward slash.  For example, PHP's native json_encode function escapes forward slashes by default. 

See refer to discussion at https://stackoverflow.com/questions/1580647/json-why-are-forward-slashes-escaped

3. As shown below (highlighted in yellow) you may exclude the forward slash using a Password Composition Policy with such target accounts.

 

 

Additional Information

None.

Attachments