release.properties file containing scm credentials in plain text is visible through the Web UI

Details

Type: Improvement
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: 1.1
Fix Version/s: 1.2
Component/s: Web - UI
Labels:
None

Complexity:
Intermediate
Patch Submitted:

Yes
Number of attachments :
1

Description

This is definitely a security hole. As a quickfix, the release.properties file can be hidden in the web ui until a more elegant solution in maven release is done.

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Download All

Attachments

CONTINUUM-1741-continuum-webapp.patch

25/Apr/08 2:34 AM

1 kB

Nap Ramirez

Issue Links

relates to

CONTINUUM-2202 Do not show subversion password in plain text

MRELEASE-340 Don't store the scm password in plaintext in release.properties

Activity

Ascending order - Click to sort in descending order

Hide

Permalink

Nap Ramirez added a comment - 25/Apr/08 2:34 AM

The quickfix intercepts requests and throws an exception when release.properties is accessed. The file listing doesn't display the release.properties file as well.

Show

Nap Ramirez added a comment - 25/Apr/08 2:34 AM The quickfix intercepts requests and throws an exception when release.properties is accessed. The file listing doesn't display the release.properties file as well.

Hide

Permalink

Wendy Smoak added a comment - 05/May/08 5:36 PM

Related thread: http://www.nabble.com/Continuum-and-plain-text-passwords-td16868880.html

Show

Wendy Smoak added a comment - 05/May/08 5:36 PM Related thread: http://www.nabble.com/Continuum-and-plain-text-passwords-td16868880.html

Hide

Permalink

Olivier Lamy added a comment - 05/Jun/08 4:45 PM

fixed in rev 663748.
Thanks!

Show

Olivier Lamy added a comment - 05/Jun/08 4:45 PM fixed in rev 663748. Thanks!

People

Assignee:

Olivier Lamy

Reporter:

Nap Ramirez

Vote (0)

Watch (0)

Dates

Created:

24/Apr/08 10:45 PM

Updated:

16/Sep/09 3:54 PM

Resolved:

05/Jun/08 4:45 PM