Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-5420

Password parameters are stored as plain text in jobs' config and builds' history (patch provided)

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Critical Critical
    • core
    • None

      Password parameters are stored as plain text in jobs' config and builds' history. They are accessible in:

      • <job>/config.xml
      • <job>/builds/<date>/build.xml

      Cf. attached patches to fix that:

      • PasswordParameterDefinition now inherits from SimpleParameterDefinition rather than StringParameterDefinition and uses a Secret to store the default password rather than a string.
      • PasswordParameterValue now inherits from ParameterValue rather than StringParameterValue and uses Secret to store the password rather than a string.
      • Backward compatibility kept.

        1. PasswordParameterDefinition.patch
          3 kB
        2. PasswordParameterValue.patch
          2 kB

            Unassigned Unassigned
            rseguy Romain Seguy
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Created:
              Updated:
              Resolved: