Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.3.3 (Beta)
    • Fix Version/s: 1.3.4 (Beta)
    • Component/s: None
    • Labels:
      None
    • Environment:
      1.3.3-SNAPSHOT r777534

      Description

      Subversion passwords are exposed in plain text in the request log when adding a project, for example:

      2009_05_22.request.log:0:0:0:0:0:0:0:1%0 - - [22/May/2009:14:45:32 +0000] "GET /continuum/addMavenTwoProject.action?scmUsername=wsmoak&_checkbox_scmUseCache=true&_checkbox_nonRecursiveProject=true&buildDefinitionTemplateId=1&m2PomUrl=http%3A%2F%2Fsvn.apache.org%2Frepos%2Fasf%2Fcontinuum%2Fsandbox%2Fsimple-example%2Fpom.xml&scmPassword=mypassw0rd&selectedProjectGroup=-1 HTTP/1.1" 302 0 "" "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.0.10) Gecko/2009042315 Firefox/3.0.10"

      I assume this is a Jetty log file that we can't do anything about. If so, we need to document how to turn off this logging, or perhaps leave it off by default and document how to turn it on if needed.
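
      Existing request logs can be audited for the exposure described above and masked before they are shared. The following Python sketch is an added example, not part of the original issue or of Continuum; the parameter-name pattern and the sample log entry are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Assumption: parameter names containing these substrings carry secrets.
SENSITIVE = re.compile(r"passw(or)?d|pwd|secret|token", re.IGNORECASE)
# Request field of an NCSA-style access log entry: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample entry, modelled on the shape of the one in the report.
SAMPLE = ('127.0.0.1 - - [22/May/2009:14:45:32 +0000] '
          '"GET /continuum/addMavenTwoProject.action?scmUsername=alice'
          '&_checkbox_scmUseCache=true&scmPassword=not-a-real-secret'
          '&selectedProjectGroup=-1 HTTP/1.1" 302 0')

def find_exposed_params(line):
    """Return names of sensitive query parameters that carry a value."""
    m = REQUEST.search(line)
    if not m:
        return []
    query = urlsplit(m.group("target")).query
    return [name for name, value in parse_qsl(query, keep_blank_values=True)
            if value and SENSITIVE.search(name)]

def redact(line):
    """Mask sensitive values in the request target; keep the rest of the entry."""
    m = REQUEST.search(line)
    if not m:
        return line
    path, sep, query = m.group("target").partition("?")
    pairs = []
    for pair in query.split("&"):
        name, eq, value = pair.partition("=")
        if value and SENSITIVE.search(unquote_plus(name)):
            value = "[REDACTED]"
        pairs.append(name + eq + value)
    start, end = m.span("target")
    return line[:start] + path + sep + "&".join(pairs) + line[end:]

if __name__ == "__main__":
    print(find_exposed_params(SAMPLE))
    print(redact(SAMPLE))
```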

        Activity

        Wendy Smoak created issue -
        Maria Catherine Tan added a comment -

        It also shows up in the browser's URL field while refreshing the page when adding a project.

        Maria Catherine Tan added a comment -

        Setting the includeParams to false fixes this.

        <META HTTP-EQUIV="refresh" CONTENT="2;url=<s:url includeParams="false"/>"/>

        Does anyone have any objection to this change? If not, I'll commit this.

        Maria Catherine Tan made changes -
        Field Original Value New Value
        Assignee Maria Catherine Tan [ ctan ]
        Maria Catherine Tan added a comment -

        Fixed in
        r800620 of 1.3.x branch
        r800622 of trunk

        Maria Catherine Tan made changes -
        Status Open [ 1 ] Closed [ 6 ]
        Fix Version/s 1.3.4 [ 15301 ]
        Resolution Fixed [ 1 ]
        Maria Catherine Tan added a comment -

        Changes made in r800620 cause this warning:

        WARN org.apache.struts2.components.URL - Unknown value for includeParams parameter to URL tag: false

        Maria Catherine Tan made changes -
        Status Closed [ 6 ] Reopened [ 4 ]
        Resolution Fixed [ 1 ]
        Maria Catherine Tan added a comment -

        Set includeParams to none

        r803352 of 1.3.x branch
        r803353 of trunk

        Maria Catherine Tan made changes -
        Resolution Fixed [ 1 ]
        Status Reopened [ 4 ] Closed [ 6 ]
        Mark Thomas made changes -
        Project Import Sun Apr 05 08:36:01 UTC 2015 [ 1428222961749 ]
        Mark Thomas made changes -
        Workflow jira [ 12710892 ] Default workflow, editable Closed status [ 12739817 ]
        Mark Thomas made changes -
        Project Import Sun Apr 05 21:12:18 UTC 2015 [ 1428268338676 ]
        Mark Thomas made changes -
        Workflow jira [ 12947354 ] Default workflow, editable Closed status [ 12985396 ]
        Transition        | Time In Source Status | Execution Times | Last Executer       | Last Execution Date
        Open → Closed     | 73d 8h 29m            | 1               | Maria Catherine Tan | 03/Aug/09 19:24
        Closed → Reopened | 8d 3h 4m              | 1               | Maria Catherine Tan | 11/Aug/09 22:28
        Reopened → Closed | 2m 47s                | 1               | Maria Catherine Tan | 11/Aug/09 22:31

          People

          • Assignee:
            Maria Catherine Tan
            Reporter:
            Wendy Smoak