Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-22288

Disable username / password default values

    Details

    • Similar Issues:

      Description

      Hi, whenever I go to job edit screen, username and password fields are autofilled with my current jenkins username (and password?) to repository username & pwd fields. For example our internal Nexus repository does not require authentication and after saving the job with these default values, plugin is unable to get artifact information from the repository.

      Just came to my mind when writing this, is this perhaps browser (Chrome in my case) feature, filling the username & pwd fields?

        Attachments

          Issue Links

            Activity

            Hide
            jhermann Jürgen Hermann added a comment -

            The following diff fixes this critical security flaw for all major browsers…

            --- ./WEB-INF/classes/eu/markov/jenkins/plugin/mvnmeta/MavenMetadataParameterDefinition/config.jelly	2014-02-14 10:10:22.000000000 +0100
            +++ ./eu/markov/jenkins/plugin/mvnmeta/MavenMetadataParameterDefinition/config.jelly	2014-04-15 15:56:47.000000000 +0200
            @@ -36,6 +36,6 @@
                 <f:entry title="${%Repository Username}" field="username">
            -        <f:textbox name="parameter.username" value="${instance.username}" />
            +        <f:textbox name="parameter.username" value="${instance.username}" autocomplete="off" />
                 </f:entry>
                 <f:entry title="${%Repository Password}" field="password">
            -        <f:password name="parameter.password" value="${instance.password}" />
            +        <f:password name="parameter.password" value="${instance.password}" autocomplete="off" />
                 </f:entry>
            
            Show
            jhermann Jürgen Hermann added a comment - The following diff fixes this critical security flaw for all major browsers… --- ./WEB-INF/classes/eu/markov/jenkins/plugin/mvnmeta/MavenMetadataParameterDefinition/config.jelly 2014-02-14 10:10:22.000000000 +0100 +++ ./eu/markov/jenkins/plugin/mvnmeta/MavenMetadataParameterDefinition/config.jelly 2014-04-15 15:56:47.000000000 +0200 @@ -36,6 +36,6 @@ <f:entry title= "${%Repository Username}" field= "username" > - <f:textbox name= "parameter.username" value= "${instance.username}" /> + <f:textbox name= "parameter.username" value= "${instance.username}" autocomplete= "off" /> </f:entry> <f:entry title= "${%Repository Password}" field= "password" > - <f:password name= "parameter.password" value= "${instance.password}" /> + <f:password name= "parameter.password" value= "${instance.password}" autocomplete= "off" /> </f:entry>
            Hide
            nickcmaynard Nick Maynard added a comment -

            This is also a problem for, for example, the LDAP configuration screen - master username/password are automatically entered.

            Show
            nickcmaynard Nick Maynard added a comment - This is also a problem for, for example, the LDAP configuration screen - master username/password are automatically entered.
            Hide
            marcrohlfs Marc Rohlfs added a comment -

            With the solution of JENKINS-29939, it should not be an issue for this plugin anymore. Still keeps being an issue for the credentials plugin, like described in JENKINS-22338, of course.

            I think this issue can be closed.

            Olli Varis: Do You agree?

            Show
            marcrohlfs Marc Rohlfs added a comment - With the solution of JENKINS-29939 , it should not be an issue for this plugin anymore. Still keeps being an issue for the credentials plugin, like described in JENKINS-22338 , of course. I think this issue can be closed. Olli Varis : Do You agree?

              People

              • Assignee:
                gesh Gesh Markov
                Reporter:
                ovaris Olli Varis
              • Votes:
                3 Vote for this issue
                Watchers:
                6 Start watching this issue

                Dates

                • Created:
                  Updated: