[
https://issues.jenkins-ci.org/browse/JENKINS-12747?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=158972#comment-158972
]
Rob Petti commented on JENKINS-12747:
-------------------------------------
I'm not entirely sure how that's possible. When that option is unchecked, the
P4PASSWD environment variable isn't provided to anything but the launcher used
to execute P4 commands. EnvInject shouldn't be able to read it at all in that
instance.
Are you providing P4PASSWD as a build parameter or through envinject?
> Perforce Passwords are exposed by the EnvInject plugin
> ------------------------------------------------------
>
> Key: JENKINS-12747
> URL: https://issues.jenkins-ci.org/browse/JENKINS-12747
> Project: Jenkins
> Issue Type: Bug
> Components: envinject, perforce
> Environment: Windows 7 Enterprise SP1 (x64)
> Jenkins 1.450
> EnvInject 1.20
> Perforce 1.3.7
> Mask Passwords 2.7.2
> Reporter: Mike Winters
> Assignee: gbois
>
> Originally reported as part of JENKINS-12423, I am reopening this as a
> separate defect at the author's request. My original defect report from that
> issue is as follows:
> With Jenkins 1.450, Perforce plugin 1.3.7, EnvInject 1.17, and Mask Passwords
> 2.7.2, the Perforce passwords are being displayed in plain text on the
> "Injected Environment Variables" page. I have tried setting the passwords to
> be masked in the global Jenkins config as well as in the individual jobs, but
> nothing I have tried is masking the passwords.
> In the case of the Perforce passwords, the issue was happening before I
> installed the Mask Passwords plugin (I only installed that in an attempt to
> hide the passwords). It seems that perhaps the Perforce plugin (and plugins
> for other source control systems?) are exposing the passwords in a way that
> the EnvInject plugin doesn't know to look for. I'm not sure where the best
> place to fix this is, or what the optimal fix should be, as I am not familiar
> with the Jenkins codebase or the code for any of the relevant plugins.
> However, the quicker a solution can be implemented, the happier I will be :).
> Thanks!
> After updating to EnvInject 1.20, the Perforce password is still being
> exposed (P4PASSWD variable) on the "Injected Environment Variables" page
> available on the left menu on each build. I suspect that this may require
> changes to both the EnvInject plugin and the Perforce plugin.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.jenkins-ci.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
