
Security issue ("Bind Password" text field should be a password field on config page)

    • Bug
    • Resolution: Fixed
    • Major
    • ldapemail-plugin
    • None
    • Linux(2.6.9-67.ELsmp)

      The "Bind Password" field today is a textbox. This field should be <input type="password"> for security reasons.

          [JENKINS-5492] Security issue ("Bind Password" text field should be a password field on config page)

          Code changed in jenkins
          User: Yukun Su
          Path:
          pom.xml
          src/main/java/com/mtvi/plateng/hudson/ldap/Configuration.java
          src/main/resources/com/mtvi/plateng/hudson/ldap/PluginImpl/config.jelly
          src/test/java/com/mtvi/plateng/hudson/ldap/BaseLdapSearchTestCase.java
          src/test/java/com/mtvi/plateng/hudson/ldap/LdapSearchTest.java
          http://jenkins-ci.org/commit/ldapemail-plugin/2f20ffd213601a4d7545c8b2d382c430e0ecc24b
          Log:
          [FIXED JENKINS-5492] Hide & encrypt Bind Password.

          Hide the Bind Password by changing text field to password field in config.jelly.
          Encrypt the Bind Password by changing password type from String to Secret.
          Upgrade the core version to 1.436 in pom.xml file to support JDK 7 or higher and
          to use jenkinsRule in the LdapSearchTest.
          Add jenkinsRule and annotations for the tests to solve the NullPointer Exception
          caused by password type changing.
          When the user upgrades the plugin, they need to click save in the config page in
          order to encrypt the password on the file system.


          Code changed in jenkins
          User: Marco Miller
          Path:
          pom.xml
          src/main/java/com/mtvi/plateng/hudson/ldap/Configuration.java
          src/main/resources/com/mtvi/plateng/hudson/ldap/PluginImpl/config.jelly
          src/test/java/com/mtvi/plateng/hudson/ldap/BaseLdapSearchTestCase.java
          src/test/java/com/mtvi/plateng/hudson/ldap/LdapSearchTest.java
          http://jenkins-ci.org/commit/ldapemail-plugin/2397c4edb38e342f83ba864a25c8f289800d93b1
          Log:
          Merge pull request #1 from YukunSu/passwordFix

          [FIXED JENKINS-5492] Hide & encrypt Bind Password.

          Compare: https://github.com/jenkinsci/ldapemail-plugin/compare/ef4c92e20cf8...2397c4edb38e

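The upgrade note in the commit log above means a configuration written before the fix keeps the bind password in clear text on disk until the config page is saved again. The following is an added example, not part of the issue or of the plugin's code, of an audit for that state. The element name bindPassword, the sample XML, and the premise that a stored Secret is base64 text (optionally wrapped in braces) are assumptions made for this example.

```python
import base64
import binascii
import xml.etree.ElementTree as ET

# Constructed stand-in for a stored Secret: base64 of two 16-byte blocks.
SAVED_VALUE = base64.b64encode(bytes(range(32))).decode()

# Constructed sample configs; element names are hypothetical, not the plugin's.
LEGACY_XML = ("<config><server>ldap://ldap.example.test</server>"
              "<bindPassword>S3cret-plain!</bindPassword></config>")
SAVED_XML = ("<config><server>ldap://ldap.example.test</server>"
             "<bindPassword>" + SAVED_VALUE + "</bindPassword></config>")


def looks_encrypted(value):
    """Heuristic (assumption): ciphertext is base64, bare or wrapped in {}."""
    text = value.strip()
    braced = text.startswith("{") and text.endswith("}")
    if braced:
        text = text[1:-1]
    try:
        raw = base64.b64decode(text, validate=True)
    except (binascii.Error, ValueError):
        return False  # characters outside the base64 alphabet: plain text
    if braced:
        return len(raw) > 16
    # Bare form: expect whole 16-byte cipher blocks.
    return len(raw) >= 16 and len(raw) % 16 == 0


def find_plaintext_secrets(xml_text, fields=("bindPassword",)):
    """Return (element, value length) for fields that are not ciphertext-shaped."""
    findings = []
    for elem in ET.fromstring(xml_text).iter():
        if elem.tag in fields and elem.text and not looks_encrypted(elem.text):
            # Report only the length so the audit never echoes the secret.
            findings.append((elem.tag, len(elem.text)))
    return findings


if __name__ == "__main__":
    for name, doc in (("legacy", LEGACY_XML), ("saved", SAVED_XML)):
        hits = find_plaintext_secrets(doc)
        status = "PLAINTEXT, re-save the config page" if hits else "ok"
        print(name, status, hits)
```

A finding means the page still needs to be saved once under the fixed plugin; since the value sat on disk in clear text, rotating the bind account's password afterwards is the safer follow-up.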

            eyukusu Yukun Su
            eagleigor eagleigor