[JENKINS-18244] Passwords should not be stored as clear text in config.xml and should not be printed out to the log (praqma case 9463) - Jenkins Jira

Type: Bug
Resolution: Unresolved
Priority: Major
Component/s: rqm-plugin
Labels:
- configuration
- security

Similar Issues:
Powered by SuggestiMate

Show

RQM plugin v1.0 stores the password for the RQM server in clear text in the config.xml for the project

In addition, it prints the password out to the log.

Passwords should be at least obscured. It's common to use 64 bit encoding to store in flat text config files.

Passwords should probably also NOT be printed to the log... ever.

Jens Brejner added a comment - 2013-06-07 06:58

Pseudo-linking to internal tracker

Jens Brejner added a comment - 2013-06-07 06:58 Pseudo-linking to internal tracker

Assignee:: Praqma Support

Reporter:: Eric Anker

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2013-06-06 21:17

Updated:: 2014-10-06 22:17