Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-15053

Prevent information leakage

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.6.0
    • Fix Version/s: 3.17.0
    • Component/s: Security

      Description

      I want to prevent information about my gov.ssp.spacelaser:spacelaser-target-subsystem artifacts from leaking to remote repositories that I use. Nexus 2 had the feature of repository routes that made it possible for me to prevent all gov.ssp artifact requests from leaving my super secret lair.

      I see that the Repository Manager 2 to 3 Feature Equivalency lists "Manual Routing Rules" as having a "Repository 3 Equivalent" but I cannot figure out what that is. I've played around quite a bit now with content selectors and I can see how I can make a single repository only allow requests for gov.ssp artifacts, but I like to make one big repository group that puts all of my needed repositories together for easy configuration on the client. This approach does not allow me to prevent gov.ssp requests from some of the repositories in the group and allow the gov.ssp request for others in the group.

      The equivalency page also lists "Automatic Routing" as "We will consider similar optimization features like this in the future as warranted", but I don't know if that means it will be like Nexus 2 routing rules. 

      I want to prevent information leakage in Nexus 3

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned Unassigned
              Reporter:
              Brouwer Bruce
              Last Updated By:
              Kari J. Niemi Kari J. Niemi
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Date of First Response:

                  tigCommentSecurity.panel-title