|
||||||||
|
This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators. For more information on JIRA, see: http://www.atlassian.com/software/jira |
||||||||
You received this message because you are subscribed to the Google Groups "Jenkins Issues" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
I would expect passwordExposeDisabled, to override local value, but not change it.
Currently it's incidentally changing it, when user saves job's configuration.
Consider scenario:
1. Initially passwordExposeDisabled is false in global config
2. User sets exposeP4Passwd to true in job's config
3. Admin notices nice new global passwordExposeDisabled option and sets it to true to enhance security
4. User notices they job started to fail for some reason, and tries to fix it by changing something irrelevant in job's config. They doesn't have access to exposeP4Passwd, and so on first save it is implicitly reset to false
5. Some time later, Admin realize that step 3 is the cause of the break, so they sets passwordExposeDisabled in global config back to false, to allow security breaches be addressed without stopping [vulnerable] production
6. The job is still failing because in step 4, value of job specific exposeP4Passwd, was implicitly saved to false
My point is passwordExposeDisabled shall override, but not change the original value of exposeP4Passwd.