You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@continuum.apache.org by "Napoleon Esmundo C. Ramirez (JIRA)" <ji...@codehaus.org> on 2008/04/25 09:34:46 UTC
[jira] Updated: (CONTINUUM-1741) release.properties file containing
scm credentials in plain text is visible through the Web UI
[ http://jira.codehaus.org/browse/CONTINUUM-1741?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Napoleon Esmundo C. Ramirez updated CONTINUUM-1741:
---------------------------------------------------
Attachment: CONTINUUM-1741-continuum-webapp.patch
The quickfix intercepts requests and throws an exception when release.properties is accessed. The file listing doesn't display the release.properties file as well.
> release.properties file containing scm credentials in plain text is visible through the Web UI
> ----------------------------------------------------------------------------------------------
>
> Key: CONTINUUM-1741
> URL: http://jira.codehaus.org/browse/CONTINUUM-1741
> Project: Continuum
> Issue Type: Improvement
> Components: Web - UI
> Affects Versions: 1.1
> Reporter: Napoleon Esmundo C. Ramirez
> Priority: Minor
> Attachments: CONTINUUM-1741-continuum-webapp.patch
>
>
> This is definitely a security hole. As a quickfix, the release.properties file can be hidden in the web ui until a more elegant solution in maven release is done.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira