Password parameters are stored as plain text in jobs' config and builds' history (patch provided)

This issue is archived. You can view it, but you can't modify it. Learn more

XMLWordPrintable

      Password parameters are stored as plain text in jobs' config and builds' history. They are accessible in:

      • <job>/config.xml
      • <job>/builds/<date>/build.xml

      Cf. attached patches to fix that:

      • PasswordParameterDefinition now inherits from SimpleParameterDefinition rather than StringParameterDefinition and uses a Secret to store the default password rather than a string.
      • PasswordParameterValue now inherits from ParameterValue rather than StringParameterValue and uses Secret to store the password rather than a string.
      • Backward compatibility kept.

        1. PasswordParameterDefinition.patch
          3 kB
          Romain Seguy
        2. PasswordParameterValue.patch
          2 kB
          Romain Seguy

            Assignee:
            Unassigned
            Reporter:
            Romain Seguy
            Archiver:
            Jenkins Service Account

              Created:
              Updated:
              Resolved:
              Archived: