Well they should also not be allowed to modify the pom.xml to stop them
adding
maven-help-plugin
validate
effective-settings
Oh and don't let them add unit tests because those could do
System.exec("man help:effective-settings") and email the results to
somewhere
Hi Stephen,
I'm not exactly sure what you mean.
Are you saying that users should not be allowed to configure jobs so
they can't, for example, add "help:effective-settings
-DshowPasswords=true" to a job?
Cheers
Steffen
On 23.12.2015 13:24, Stephen Connolly wrote:
The best you can do is
Hi everyone!
I've been agonising about this for quite some time now. However, I have
yet to find a solution for this.
Is there a way to prevent malicious users from obtaining server
passwords from your Maven settings?
If you use the Config File Provider plug in with the Credentials plug
The best you can do is restrict the credentials in visibility.
Have separate jobs using the credentials from others...
Lock permission to configure the jobs using credentials
Etc
I have some other thoughts which I may work on for making maven easier with
the literate job type.
On Wednesday
