[JENKINS-15915] Password Parameter should not be stored (on disk) - Jenkins Jira

XML

Word

Printable

Details

Type: Bug
Status: Resolved (View Workflow)
Priority: Critical
Resolution: Not A Defect
Component/s: core, mask-passwords-plugin
Labels:
- cleartext
- disk
- parameter
- password
- security
- stored
- unencrypted
Environment:
Debian Linux Stable, Jenkins 1.462, Sun JDK 1.7

Similar Issues:

Show

Description

The Mask Passwords Plugin helps masking the password in Jenkins' GUI.

Unfortunately the passwords are already stored clear text on disk.

They should not be stored. Storing them symmetrically encrypted is not necessary too, I think, as they are/should only used one time.

Attachments

Activity

Ascending order - Click to sort in descending order

Thomas Lehmann added a comment - 2012-12-03 14:58

Could please tell some one if this bug will be fixed (or if it will be rejected) (regardless of the time it's being started or even resolved)?

Thomas Lehmann added a comment - 2012-12-03 14:58 Could please tell some one if this bug will be fixed (or if it will be rejected) (regardless of the time it's being started or even resolved)?

Oleg Nenashev added a comment - 2014-05-13 06:44

AFAIK, the current version allows to disable the saving of password parameters.

Oleg Nenashev added a comment - 2014-05-13 06:44 AFAIK, the current version allows to disable the saving of password parameters.

Jesse Glick added a comment - 2014-06-30 18:51

Right, use Non-Stored Password Parameter.

Jesse Glick added a comment - 2014-06-30 18:51 Right, use Non-Stored Password Parameter .

People

Assignee:: Unassigned

Reporter:: Thomas Lehmann

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 2012-11-25 10:32

Updated:: 2014-09-27 15:39

Resolved:: 2014-06-30 18:51