Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-18244

Passwords should not be stored as clear text in config.xml and should not be printed out to the log (praqma case 9463)

XMLWordPrintable

      RQM plugin v1.0 stores the password for the RQM server in clear text in the config.xml for the project

      In addition, it prints the password out to the log.

      Passwords should be at least obscured. It's common to use 64 bit encoding to store in flat text config files.

      Passwords should probably also NOT be printed to the log... ever.

          [JENKINS-18244] Passwords should not be stored as clear text in config.xml and should not be printed out to the log (praqma case 9463)

          Eric Anker created issue -

          Jens Brejner added a comment -

          Pseudo-linking to internal tracker

          Jens Brejner added a comment - Pseudo-linking to internal tracker
          Jens Brejner made changes -
          Summary Original: Passwords should not be stored as clear text in config.xml and should not be printed out to the log New: Passwords should not be stored as clear text in config.xml and should not be printed out to the log (praqma case 9463))
          Jens Brejner made changes -
          Summary Original: Passwords should not be stored as clear text in config.xml and should not be printed out to the log (praqma case 9463)) New: Passwords should not be stored as clear text in config.xml and should not be printed out to the log (praqma case 9463)
          Daniel Beck made changes -
          Component/s Original: plugin [ 15491 ]
          Labels Original: configuration plugin security New: configuration security
          R. Tyler Croy made changes -
          Workflow Original: JNJira [ 149549 ] New: JNJira + In-Review [ 177402 ]

            praqma Praqma Support
            bobtheshrew Eric Anker
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated: