Jenkins “j_spring_security_check” login interface has the risk of leaking username and password. Is there any way to solve it?
What specifically is your concern here? Username and password must be sent to the site to log you in.
I hope that when logging in, the interface will not expose the user name and password. At least the username and password should be encrypted. It seems a bit dangerous now.
Of course, for Jenkins, because the source code is open, using a simple encryption algorithm to encrypt the password may not be very effective.
As long as you use https for your Jenkins there should be no risk that username/password are leaked. If you run without https then anyone that is able to read the network traffic can find out the password.
Jenkins behaves no differently here than other sites that ask for username and password.
All right, I will try to use https. Thank you very much!
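A defender-side check related to the answer above, as an added example that is not part of the original thread: it scans reverse-proxy access logs for login POSTs to `j_spring_security_check` that arrived over plain HTTP, so any credentials sent that way can be treated as exposed. The log format, sample lines and the function name `cleartext_logins` are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample lines. Assumed proxy log format (not a Jenkins default):
#   client_ip user scheme "METHOD target HTTP/x" status
SAMPLE_LOG = """\
10.0.0.5 - https "GET /login HTTP/1.1" 200
10.0.0.5 - https "POST /j_spring_security_check HTTP/1.1" 302
10.0.0.9 - http "GET /login?from=%2F HTTP/1.1" 200
10.0.0.9 - http "POST /j_spring_security_check HTTP/1.1" 302
10.0.0.7 - http "POST /jenkins/j_spring_security_check HTTP/1.1" 302
10.0.0.7 - http "GET /static/abc/css/style.css HTTP/1.1" 200
malformed line
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<scheme>https?) '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})$'
)

# Login form target named in the question.
LOGIN_ENDPOINT = "j_spring_security_check"


def cleartext_logins(log_text):
    """Return (ip, path, status) for every login POST seen over plain HTTP."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed format
        path = urlsplit(m["target"]).path
        # Match the endpoint as the last path segment so a context
        # prefix such as /jenkins/ is handled too.
        last_segment = path.rstrip("/").rsplit("/", 1)[-1]
        is_login = m["method"] == "POST" and last_segment == LOGIN_ENDPOINT
        if is_login and m["scheme"] == "http":
            findings.append((m["ip"], path, int(m["status"])))
    return findings


if __name__ == "__main__":
    for ip, path, status in cleartext_logins(SAMPLE_LOG):
        print(f"cleartext login: client={ip} path={path} status={status}")
```

Any hit means a password crossed the network unencrypted; after enabling HTTPS, the list should stay empty.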