Continuum
  1. Continuum
  2. CONTINUUM-1741

release.properties file containing scm credentials in plain text is visible through the Web UI

    Details

    • Type: Improvement Improvement
    • Status: Closed Closed
    • Priority: Minor Minor
    • Resolution: Fixed
    • Affects Version/s: 1.1
    • Fix Version/s: 1.2
    • Component/s: Web - UI
    • Labels:
      None
    • Complexity:
      Intermediate
    • Patch Submitted:
      Yes
    • Number of attachments :
      1

      Description

      This is definitely a security hole. As a quickfix, the release.properties file can be hidden in the web ui until a more elegant solution in maven release is done.

        Issue Links

          Activity

          Hide
          Nap Ramirez added a comment -

          The quickfix intercepts requests and throws an exception when release.properties is accessed. The file listing doesn't display the release.properties file as well.

          Show
          Nap Ramirez added a comment - The quickfix intercepts requests and throws an exception when release.properties is accessed. The file listing doesn't display the release.properties file as well.
          Show
          Wendy Smoak added a comment - Related thread: http://www.nabble.com/Continuum-and-plain-text-passwords-td16868880.html
          Hide
          Olivier Lamy added a comment -

          fixed in rev 663748.
          Thanks!

          Show
          Olivier Lamy added a comment - fixed in rev 663748. Thanks!

            People

            • Assignee:
              Olivier Lamy
              Reporter:
              Nap Ramirez
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: