This Bugzilla instance is a read-only archive of historic NetBeans bug reports. To report a bug in NetBeans please follow the project's instructions for reporting issues.
When HTTP authentication is used to protect Mercurial repositories, NetBeans would failed on push if username/password is not specified in any kind of forms. (for example, in hgrc) I think there are two problems to improve or fix at least. 1) It is better to notify the user to provide a necessary username/password and commit again other than being just failed. 2) It is NOT SAFE to store the password in the form of http://USERNAME:PASSWORD@server/repo/... because it will be displayed directly in some ways (for example, the Push Other dialog.) which might result a password leak. It is unlikely to separate colleagues too far away from each other in a company and being harmful under the reason we're using HTTP authentication. I'm forced to push the changes in command-line mode when I pay more attention NOT to result any leak. I found this issue might be relative, but it seems to be a different one. http://www.netbeans.org/issues/show_bug.cgi?id=155893
1) should be fixed in cdev #505c3ce4312e 2) partially fixed in cdev #a663d370a7d7 - hides the password in output, logs, etc. - but we are still working on hiding the password in some dialogs (Clone other..., Push to other ...)
Fixed. The dialogs now have separate fields for username and password. When an existing URL is selected from a combo-box, the username and password are extracted from it and displayed in these dedicated text-fields. The field password displays stars instead of actual character (it is an instance of JPasswordField). Changeset Id: ec59dd460b0c
Integrated into 'main-golden', will be available in build *200904281401* on http://bits.netbeans.org/dev/nightly/ (upload may still be in progress) Changeset: http://hg.netbeans.org/main-golden/rev/ec59dd460b0c User: Marian Petras <mpetras@netbeans.org> Log: fixed the remainder of bug #162661 - the user's password for access to a Mercurial repository should not be discoverable anywhere in the UI