Vote #63348
完了SVN errors lead to svn username/password being displayed to end users (security issue)
0%
説明
This is a bit of a security risk, but if errors occur when redmine (such as detailed http://www.redmine.org/wiki/1/FAQ#13 where svn isn't in the PATH), then the HTML page displayed to the user contains a nice red box which displays the command it tried, which lists the username and password it tried to access the repository with. Surely the username/password should be hidden and never shown to an end user, even if an error occured.
journals
Appologies for the messed-up link, Redmine doesn't appear to like formatting http links containing hashes.
--------------------------------------------------------------------------------
I set target version for 0.7.2 since it's a real security concern.
--------------------------------------------------------------------------------
Fixed in r1493. Username and password are now replaced with xxxx.
--------------------------------------------------------------------------------