Thomas Lehmann
created JENKINS-15915
Password Parameter should not be stored (on disk)
Issue Type:
Bug
Affects Versions:
current
Assignee:
Unassigned
Components:
parameters
Created:
25/Nov/12 10:32 AM
Description:
The Mask Passwords Plugin helps masking the password in Jenkins' GUI.
Unfortunately the passwords are already stored clear text on disk.
They should not be stored. Storing them symmetrically encrypted is not necessary too, I think, as they are/should only used one time.
Environment:
Debian Linux Stable, Jenkins 1.462, Sun JDK 1.7
Project:
Jenkins
Labels:
parameter
security
password
cleartext
disk
unencrypted
stored
Priority:
Critical
Reporter:
Thomas Lehmann
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators.
For more information on JIRA, see: http://www.atlassian.com/software/jira