Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-5420

Password parameters are stored as plain text in jobs' config and builds' history (patch provided)

    XMLWordPrintable

Details

    • Bug
    • Status: Closed (View Workflow)
    • Critical
    • Resolution: Fixed
    • core
    • None

    Description

      Password parameters are stored as plain text in jobs' config and builds' history. They are accessible in:

      • <job>/config.xml
      • <job>/builds/<date>/build.xml

      Cf. attached patches to fix that:

      • PasswordParameterDefinition now inherits from SimpleParameterDefinition rather than StringParameterDefinition and uses a Secret to store the default password rather than a string.
      • PasswordParameterValue now inherits from ParameterValue rather than StringParameterValue and uses Secret to store the password rather than a string.
      • Backward compatibility kept.

      Attachments

        Activity

          rseguy Romain Seguy created issue -
          scm_issue_link SCM/JIRA link daemon made changes -
          Field Original Value New Value
          Resolution Fixed [ 1 ]
          Status Open [ 1 ] Resolved [ 5 ]
          abayer Andrew Bayer made changes -
          Status Resolved [ 5 ] Closed [ 6 ]
          rtyler R. Tyler Croy made changes -
          Workflow JNJira [ 135509 ] JNJira + In-Review [ 203523 ]

          People

            Unassigned Unassigned
            rseguy Romain Seguy
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: