
Security issue ("Bind Password" text field should be a password field on config page)

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Component/s: ldapemail-plugin
    • Labels:
      None
    • Environment:
      Linux(2.6.9-67.ELsmp)

      Description

      The "Bind Password" field today is a textbox. This field should be <input type="password"> for security reasons.

          Activity

          scm_issue_link SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Yukun Su
          Path:
          pom.xml
          src/main/java/com/mtvi/plateng/hudson/ldap/Configuration.java
          src/main/resources/com/mtvi/plateng/hudson/ldap/PluginImpl/config.jelly
          src/test/java/com/mtvi/plateng/hudson/ldap/BaseLdapSearchTestCase.java
          src/test/java/com/mtvi/plateng/hudson/ldap/LdapSearchTest.java
          http://jenkins-ci.org/commit/ldapemail-plugin/2f20ffd213601a4d7545c8b2d382c430e0ecc24b
          Log:
          [FIXED JENKINS-5492] Hide & encrypt Bind Password.

          Hide the Bind Password by changing text field to password field in config.jelly.
          Encrypt the Bind Password by changing password type from String to Secret.
          Upgrade the core version to 1.436 in pom.xml file to support JDK 7 or higher and
          to use jenkinsRule in the LdapSearchTest.
          Add jenkinsRule and annotations for the tests to solve the NullPointer Exception
          caused by password type changing.
          When the user upgrades the plugin, they need to click save in the config page in
          order to encrypt the password on the file system.
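
The pattern the commit log above describes (a masked form field plus `hudson.util.Secret` in place of `String`), as an added example that is not the plugin's own code. The class `LdapBindSettings`, its fields and the Jelly field name are hypothetical; the code compiles against Jenkins core.

```java
import hudson.util.Secret;
import java.util.Hashtable;
import javax.naming.Context;

/**
 * Hypothetical settings holder (not the plugin's Configuration class).
 *
 * Matching form control in a config.jelly, replacing a plain textbox
 * (entry title and field name are assumed):
 *   <f:entry title="Bind Password">
 *     <f:password name="bindPassword" value="${instance.bindPassword}"/>
 *   </f:entry>
 */
public class LdapBindSettings {

    private final String serverUrl;
    private final String bindDn;

    // Before the fix the equivalent field would be a String, which is
    // written verbatim to the configuration file. A Secret field is
    // written in encrypted form when the configuration is saved.
    private final Secret bindPassword;

    public LdapBindSettings(String serverUrl, String bindDn, String bindPassword) {
        this.serverUrl = serverUrl;
        this.bindDn = bindDn;
        // fromString() accepts plaintext (a form submission or a value
        // stored before the upgrade) as well as an already-encrypted value.
        // A legacy plaintext value stays plaintext on disk until the next
        // save, hence the "click save" step in the commit log.
        this.bindPassword = Secret.fromString(bindPassword);
    }

    /** Getters hand out the Secret, never the plaintext String. */
    public Secret getBindPassword() {
        return bindPassword;
    }

    /** Plaintext is produced only where the LDAP bind needs it. */
    public Hashtable<String, String> toJndiEnvironment() {
        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, serverUrl);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, bindDn);
        env.put(Context.SECURITY_CREDENTIALS, Secret.toString(bindPassword));
        return env;
    }
}
```

`Secret` takes its key from the running Jenkins instance, so tests that touch this class run inside Jenkins, which the commit does with jenkinsRule.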

          scm_issue_link SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Marco Miller
          Path:
          pom.xml
          src/main/java/com/mtvi/plateng/hudson/ldap/Configuration.java
          src/main/resources/com/mtvi/plateng/hudson/ldap/PluginImpl/config.jelly
          src/test/java/com/mtvi/plateng/hudson/ldap/BaseLdapSearchTestCase.java
          src/test/java/com/mtvi/plateng/hudson/ldap/LdapSearchTest.java
          http://jenkins-ci.org/commit/ldapemail-plugin/2397c4edb38e342f83ba864a25c8f289800d93b1
          Log:
          Merge pull request #1 from YukunSu/passwordFix

          [FIXED JENKINS-5492] Hide & encrypt Bind Password.

          Compare: https://github.com/jenkinsci/ldapemail-plugin/compare/ef4c92e20cf8...2397c4edb38e


            People

            • Assignee:
              eyukusu Yukun Su
            • Reporter:
              eagleigor eagleigor
            • Votes:
              1
            • Watchers:
              2
