Defect #1368: SVN errors lead to svn username/password being displayed to end users (security issue) - Redmine

Actions

Copy link

Defect #1368

closed

SVN errors lead to svn username/password being displayed to end users (security issue)

Added by Anonymous almost 17 years ago. Updated almost 17 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Jean-Philippe Lang

Category:

SCM

Target version:

0.7.2

Start date:

2008-06-04

Due date:

% Done:

Estimated time:

Resolution:

Fixed

Affected version:

0.7.1

Description

This is a bit of a security risk, but if errors occur when redmine (such as detailed http://www.redmine.org/wiki/1/FAQ#13 where svn isn't in the PATH), then the HTML page displayed to the user contains a nice red box which displays the command it tried, which lists the username and password it tried to access the repository with. Surely the username/password should be hidden and never shown to an end user, even if an error occured.

History
Notes
Property changes
Associated revisions

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Redmine

Custom queries

Defect #1368

SVN errors lead to svn username/password being displayed to end users (security issue)

Updated by Anonymous almost 17 years ago

Updated by Thomas Lecavelier almost 17 years ago

Updated by Jean-Philippe Lang almost 17 years ago