Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-22288

Disable username / password default values

    XMLWordPrintable

Details

    Description

      Hi, whenever I go to job edit screen, username and password fields are autofilled with my current jenkins username (and password?) to repository username & pwd fields. For example our internal Nexus repository does not require authentication and after saving the job with these default values, plugin is unable to get artifact information from the repository.

      Just came to my mind when writing this, is this perhaps browser (Chrome in my case) feature, filling the username & pwd fields?

      Attachments

        Issue Links

          Activity

            The following diff fixes this critical security flaw for all major browsers…

            --- ./WEB-INF/classes/eu/markov/jenkins/plugin/mvnmeta/MavenMetadataParameterDefinition/config.jelly	2014-02-14 10:10:22.000000000 +0100
            +++ ./eu/markov/jenkins/plugin/mvnmeta/MavenMetadataParameterDefinition/config.jelly	2014-04-15 15:56:47.000000000 +0200
            @@ -36,6 +36,6 @@
                 <f:entry title="${%Repository Username}" field="username">
            -        <f:textbox name="parameter.username" value="${instance.username}" />
            +        <f:textbox name="parameter.username" value="${instance.username}" autocomplete="off" />
                 </f:entry>
                 <f:entry title="${%Repository Password}" field="password">
            -        <f:password name="parameter.password" value="${instance.password}" />
            +        <f:password name="parameter.password" value="${instance.password}" autocomplete="off" />
                 </f:entry>
            
            jhermann Jürgen Hermann added a comment - The following diff fixes this critical security flaw for all major browsers… --- ./WEB-INF/classes/eu/markov/jenkins/plugin/mvnmeta/MavenMetadataParameterDefinition/config.jelly 2014-02-14 10:10:22.000000000 +0100 +++ ./eu/markov/jenkins/plugin/mvnmeta/MavenMetadataParameterDefinition/config.jelly 2014-04-15 15:56:47.000000000 +0200 @@ -36,6 +36,6 @@ <f:entry title= "${%Repository Username}" field= "username" > - <f:textbox name= "parameter.username" value= "${instance.username}" /> + <f:textbox name= "parameter.username" value= "${instance.username}" autocomplete= "off" /> </f:entry> <f:entry title= "${%Repository Password}" field= "password" > - <f:password name= "parameter.password" value= "${instance.password}" /> + <f:password name= "parameter.password" value= "${instance.password}" autocomplete= "off" /> </f:entry>
            nickcmaynard Nick Maynard added a comment -

            This is also a problem for, for example, the LDAP configuration screen - master username/password are automatically entered.

            nickcmaynard Nick Maynard added a comment - This is also a problem for, for example, the LDAP configuration screen - master username/password are automatically entered.
            marcrohlfs Marc Rohlfs added a comment -

            With the solution of JENKINS-29939, it should not be an issue for this plugin anymore. Still keeps being an issue for the credentials plugin, like described in JENKINS-22338, of course.

            I think this issue can be closed.

            ovaris: Do You agree?

            marcrohlfs Marc Rohlfs added a comment - With the solution of JENKINS-29939 , it should not be an issue for this plugin anymore. Still keeps being an issue for the credentials plugin, like described in JENKINS-22338 , of course. I think this issue can be closed. ovaris : Do You agree?

            People

              gesh Gesh Markov
              ovaris Olli Varis
              Votes:
              3 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated: