• Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Critical Critical
    • core
    • None
    • Platform: All, OS: All

      In the proxy configuration of Update Manager, when proxy is already configured
      with authentication credentials saved, if you analyze the HTML source you'll
      find the password in clear text.

      Solution: Credentials should not go to Hudson's presentation layer!

          [JENKINS-4000] Proxy credentials showing in clear text

          evernat added a comment -

          reproduced

          evernat added a comment - reproduced

          dogfood added a comment -

          dogfood added a comment - Integrated in jenkins_main_trunk #838

          bap added a comment -

          fixed in 1.415

          bap added a comment - fixed in 1.415

          Code changed in jenkins
          User: bap2000
          Path:
          core/src/main/java/hudson/ProxyConfiguration.java
          core/src/main/resources/hudson/PluginManager/advanced.jelly
          http://jenkins-ci.org/commit/jenkins/c4d9fe8e0707330d1d59d6f30a3a2e32b36a88c0
          Log:
          [FIXED JENKINS-4000] , [FIXED JENKINS-4002] encrypt proxy password

          Proxy password is encrypted in xml config file, and in the UI

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: bap2000 Path: core/src/main/java/hudson/ProxyConfiguration.java core/src/main/resources/hudson/PluginManager/advanced.jelly http://jenkins-ci.org/commit/jenkins/c4d9fe8e0707330d1d59d6f30a3a2e32b36a88c0 Log: [FIXED JENKINS-4000] , [FIXED JENKINS-4002] encrypt proxy password Proxy password is encrypted in xml config file, and in the UI

          Code changed in jenkins
          User: Nicolas De Loof
          Path:
          changelog.html
          http://jenkins-ci.org/commit/jenkins/005b75d6383a21bc1fa12a017a299ec179dc50b7
          Log:
          [FIX JENKINS-4002] [FIX JENKINS-4000] encrypr proxy credentials

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Nicolas De Loof Path: changelog.html http://jenkins-ci.org/commit/jenkins/005b75d6383a21bc1fa12a017a299ec179dc50b7 Log: [FIX JENKINS-4002] [FIX JENKINS-4000] encrypr proxy credentials

          Code changed in jenkins
          User: bap2000
          Path:
          changelog.html
          http://jenkins-ci.org/commit/jenkins/495779d4ca7d04179d7e34c9624c0387d3d340c9
          Log:
          [FIXED JENKINS-4000] [FIXED JENKINS-4002] Add fix to changelog

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: bap2000 Path: changelog.html http://jenkins-ci.org/commit/jenkins/495779d4ca7d04179d7e34c9624c0387d3d340c9 Log: [FIXED JENKINS-4000] [FIXED JENKINS-4002] Add fix to changelog

          Code changed in jenkins
          User: bap2000
          Path:
          core/src/main/java/hudson/ProxyConfiguration.java
          core/src/main/resources/hudson/PluginManager/advanced.jelly
          http://jenkins-ci.org/commit/jenkins/c4d9fe8e0707330d1d59d6f30a3a2e32b36a88c0
          Log:
          [FIXED JENKINS-4000] , [FIXED JENKINS-4002] encrypt proxy password

          Proxy password is encrypted in xml config file, and in the UI

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: bap2000 Path: core/src/main/java/hudson/ProxyConfiguration.java core/src/main/resources/hudson/PluginManager/advanced.jelly http://jenkins-ci.org/commit/jenkins/c4d9fe8e0707330d1d59d6f30a3a2e32b36a88c0 Log: [FIXED JENKINS-4000] , [FIXED JENKINS-4002] encrypt proxy password Proxy password is encrypted in xml config file, and in the UI

          Code changed in jenkins
          User: Nicolas De Loof
          Path:
          changelog.html
          http://jenkins-ci.org/commit/jenkins/005b75d6383a21bc1fa12a017a299ec179dc50b7
          Log:
          [FIX JENKINS-4002] [FIX JENKINS-4000] encrypr proxy credentials

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Nicolas De Loof Path: changelog.html http://jenkins-ci.org/commit/jenkins/005b75d6383a21bc1fa12a017a299ec179dc50b7 Log: [FIX JENKINS-4002] [FIX JENKINS-4000] encrypr proxy credentials

          Code changed in jenkins
          User: bap2000
          Path:
          changelog.html
          http://jenkins-ci.org/commit/jenkins/495779d4ca7d04179d7e34c9624c0387d3d340c9
          Log:
          [FIXED JENKINS-4000] [FIXED JENKINS-4002] Add fix to changelog

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: bap2000 Path: changelog.html http://jenkins-ci.org/commit/jenkins/495779d4ca7d04179d7e34c9624c0387d3d340c9 Log: [FIXED JENKINS-4000] [FIXED JENKINS-4002] Add fix to changelog

            bap bap
            rcsilva83 rcsilva83
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Created:
              Updated:
              Resolved: