-
Bug
-
Resolution: Unresolved
-
Minor
-
None
Hi, whenever I go to job edit screen, username and password fields are autofilled with my current jenkins username (and password?) to repository username & pwd fields. For example our internal Nexus repository does not require authentication and after saving the job with these default values, plugin is unable to get artifact information from the repository.
Just came to my mind when writing this, is this perhaps browser (Chrome in my case) feature, filling the username & pwd fields?
- is related to
-
-
- Open
-
[JENKINS-22288] Disable username / password default values
This is also a problem for, for example, the LDAP configuration screen - master username/password are automatically entered.
With the solution of JENKINS-29939, it should not be an issue for this plugin anymore. Still keeps being an issue for the credentials plugin, like described in JENKINS-22338, of course.
I think this issue can be closed.
ovaris: Do You agree?
The following diff fixes this critical security flaw for all major browsers…
--- ./WEB-INF/classes/eu/markov/jenkins/plugin/mvnmeta/MavenMetadataParameterDefinition/config.jelly 2014-02-14 10:10:22.000000000 +0100 +++ ./eu/markov/jenkins/plugin/mvnmeta/MavenMetadataParameterDefinition/config.jelly 2014-04-15 15:56:47.000000000 +0200 @@ -36,6 +36,6 @@ <f:entry title="${%Repository Username}" field="username"> - <f:textbox name="parameter.username" value="${instance.username}" /> + <f:textbox name="parameter.username" value="${instance.username}" autocomplete="off" /> </f:entry> <f:entry title="${%Repository Password}" field="password"> - <f:password name="parameter.password" value="${instance.password}" /> + <f:password name="parameter.password" value="${instance.password}" autocomplete="off" /> </f:entry>