JENKINS-2381: Passwords should not be stored in a decodable form


    • Type: Improvement
    • Resolution: Fixed
    • Priority: Critical
    • Component: _unsorted
    • Environment: Platform: Macintosh, OS: All

When using Hudson's own user database, passwords are stored in base 64. The problem is that someone who has access to the user configuration files would be able to easily decode these passwords. This in turn can lead to other security problems, if users aren't smart about using different passwords for different services.

Further, the fact that passwords are currently reversible means that checking Hudson configurations into source code control, or otherwise backing them up is potentially dangerous from a security

A better approach would be to store a non-reversible digest (like SHA256) of the password in the user configuration file. To validate a password, the Hudson application would digest the password specified by the user at login and compare it to the digest stored. If they are equal, then the user is

Apparently Hudson uses Acegi Security to implement password authentication. According to the Acegi site, they support digest-based password encoders. Hudson should be changed to use SHA1 at a minimum (or a stronger digest, like SHA256, if possible), migrating older clear text passwords to new configuration files.
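The scheme the report asks for (store a one-way digest, re-digest the login attempt and compare, migrate the old reversible records) is shown below as an added illustration. This is not Hudson's or Acegi's code; it is a standalone Python sketch written for this page. It goes one step beyond the report's plain SHA256 suggestion: each digest gets a random salt and an iteration count (PBKDF2-HMAC-SHA256), because an unsalted single-round SHA256 of a password can be brute-forced quickly and exposes users who share the same password. The record layout, field names, `ITERATIONS` value and the sample user are all assumptions made for the example, not anything from the issue or the project.

```python
import base64
import hashlib
import hmac
import secrets
from typing import Optional

# Constructed legacy record: the password is only Base64-encoded, so anyone
# who can read the config file recovers it with a single decode call.
LEGACY_USER = {"name": "alice", "password_b64": base64.b64encode(b"s3cret").decode()}

# PBKDF2 work factor. Assumed value for the example; tune for the target machine.
ITERATIONS = 200_000


def make_digest(password: str, salt: Optional[bytes] = None,
                iterations: int = ITERATIONS) -> dict:
    """Return a non-reversible password record: random salt + PBKDF2-HMAC-SHA256.

    Passing `salt` explicitly is only for reproducible tests; production
    callers should let the function generate a fresh one per user.
    """
    salt = salt if salt is not None else secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return {
        "algorithm": "pbkdf2-sha256",   # recorded so the scheme can be upgraded later
        "iterations": iterations,
        "salt": base64.b64encode(salt).decode(),
        "digest": base64.b64encode(digest).decode(),
    }


def verify(record: dict, candidate: str) -> bool:
    """Digest the login attempt with the stored salt and compare in constant time."""
    salt = base64.b64decode(record["salt"])
    expected = base64.b64decode(record["digest"])
    actual = hashlib.pbkdf2_hmac("sha256", candidate.encode("utf-8"), salt,
                                 record["iterations"])
    # hmac.compare_digest avoids leaking how many leading bytes matched.
    return hmac.compare_digest(expected, actual)


def migrate_legacy(user: dict) -> dict:
    """Convert a legacy Base64 record into a digest record.

    Because the old format is reversible, migration can happen at load time
    without waiting for the user to log in. Records that are already migrated
    are returned unchanged, so the function is safe to run repeatedly.
    """
    if "password_b64" not in user:
        return user
    clear = base64.b64decode(user["password_b64"]).decode("utf-8")
    migrated = {k: v for k, v in user.items() if k != "password_b64"}
    migrated["password"] = make_digest(clear)
    return migrated


def legacy_is_decodable(user: dict) -> str:
    """Demonstrate the problem the issue describes: the old record leaks the password."""
    return base64.b64decode(user["password_b64"]).decode("utf-8")


if __name__ == "__main__":
    print("legacy record reveals:", legacy_is_decodable(LEGACY_USER))
    new_user = migrate_legacy(LEGACY_USER)
    print("migrated record:", new_user)
    print("login with correct password:", verify(new_user["password"], "s3cret"))
    print("login with wrong password:", verify(new_user["password"], "wrong"))
```

After migration the configuration file holds only the salt, the iteration count and the digest; none of those can be turned back into the password, so checking the file into source control or backing it up no longer exposes user credentials, which is the report's second concern. Keeping an `algorithm` field in the record is what makes a later move to a stronger construction a data migration rather than a forced password reset.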

            mindless Alan Harder
            acronce acronce