Issue Type: Bug
Assignee: Frédéric Camblor
Components: scm-sync-configuration
Created: 05/Jun/13 12:31 PM
Description:

From my understanding, Jenkins saves all passwords as AES-encrypted strings, not in plain text, e.g. authentication provider strings.
It looks like the SCM plugin collects the form data before this encryption takes place, so the passwords are submitted in plain text to the SCM provider. This is a big security issue if you wanna give non-admin people access to the config backup in SCM. If anyone can read a password someone typed in secretly, that is a big problem.
At least it shall be configurable to submit passwords unencrypted, but default to encrypted; that's the way Jenkins also saves config data on disk.

Project: Jenkins
Priority: Critical
Reporter: cforce
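
An audit check for the exposure described in this report, as an added example that is not part of the original issue or the plugin's code: it scans a configuration XML file from the SCM backup and flags credential-like elements whose values do not have the shape of an AES ciphertext. The element-name pattern, the base64 and brace-wrapped encodings, and the sample XML are assumptions made for illustration.

```python
import base64
import binascii
import re
import xml.etree.ElementTree as ET

# Assumption: elements that hold credentials have one of these words in their name.
SENSITIVE = re.compile(r"pass(word|phrase)|secret|token", re.I)

def looks_encrypted(value):
    """Heuristic only: True if value is shaped like base64-encoded AES output."""
    text = value.strip()
    # Assumption: some Jenkins versions wrap the encoded secret in braces.
    wrapped = text.startswith("{") and text.endswith("}")
    if wrapped:
        text = text[1:-1]
    try:
        raw = base64.b64decode(text, validate=True)
    except (binascii.Error, ValueError):
        return False
    # Bare form: a block cipher yields a non-empty multiple of 16 bytes.
    return len(raw) >= 16 and (wrapped or len(raw) % 16 == 0)

def find_plaintext_secrets(xml_text):
    """Return (element path, value) for sensitive elements stored in the clear."""
    findings = []

    def walk(node, path):
        here = f"{path}/{node.tag}"
        value = (node.text or "").strip()
        if SENSITIVE.search(node.tag) and value and not looks_encrypted(value):
            findings.append((here, value))
        for child in node:
            walk(child, here)

    walk(ET.fromstring(xml_text), "")
    return findings

# Constructed sample with hypothetical element names, not a real Jenkins config.
SAMPLE = """<hudson>
  <securityRealm>
    <managerPassword>hunter2-example</managerPassword>
  </securityRealm>
  <proxyPassword>q83vEjRWeJCrze8BI0VniQ==</proxyPassword>
</hudson>"""

if __name__ == "__main__":
    for path, _ in find_plaintext_secrets(SAMPLE):
        print("plaintext secret at", path)
```

Run over every XML file in a checkout of the backup repository, this gives a pre-sharing check; a plaintext password that happens to be valid base64 of the right length will be missed, so treat a clean result as a heuristic.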