
Always encrypt f:password values, not just those backed by Secret

    • Improvement
    • Resolution: Fixed
    • Minor
    • core
    • 2.236

      Too many people get the Secret getters wrong. What if we just always returned a Secret, and had a StringConverter to handle submitted secrets and transparently decrypt again?

      This would eliminate this class of problem. Only storage would really need to be done as Secret, but the internal API types wouldn't matter so much.

      Test cases need to include String typed encrypted secrets, and unmatched getter/setter types.
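
The getter patterns the description refers to, as an added example that is not part of the issue or of Jenkins core. The class names, the `apiToken` field and the `config.jelly` snippet in the comment are hypothetical; compiling it assumes Jenkins core and Stapler on the classpath.

```java
import hudson.util.Secret;
import org.kohsuke.stapler.DataBoundConstructor;

// Hypothetical plugin configuration classes; all names are illustrative.
// Each is assumed to be bound to a config.jelly containing:
//   <f:entry title="API token" field="apiToken"><f:password/></f:entry>

/** The mistake the issue describes: the secret is kept and exposed as String. */
class LeakyConfig {
    private final String apiToken;          // persisted as plain text in the XML config

    @DataBoundConstructor
    public LeakyConfig(String apiToken) { this.apiToken = apiToken; }

    // f:password reads this getter to pre-fill the form. With a String getter the
    // form value is the plain text unless core encrypts it on the plugin's behalf.
    public String getApiToken() { return apiToken; }
}

/** Secret-backed field: storage, constructor and getter types all agree. */
class SafeConfig {
    private final Secret apiToken;          // encrypted when persisted

    @DataBoundConstructor
    public SafeConfig(Secret apiToken) { this.apiToken = apiToken; }

    // Returning Secret lets f:password render the encrypted value instead.
    public Secret getApiToken() { return apiToken; }

    // Decrypt only at the point of use.
    String authorizationHeader() { return "Bearer " + apiToken.getPlainText(); }
}

/** Unmatched getter/setter types, one of the cases the issue wants tested. */
class MixedConfig {
    private final Secret apiToken;

    // Secret.fromString first tries the input as an encrypted value and falls back
    // to treating it as plain text, so an encrypted form value that is submitted
    // back unchanged round-trips to the same secret.
    @DataBoundConstructor
    public MixedConfig(String apiToken) { this.apiToken = Secret.fromString(apiToken); }

    public Secret getApiToken() { return apiToken; }
}
```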

          [JENKINS-61808] Always encrypt f:password values, not just those backed by Secret

          Daniel Beck created issue -
          Daniel Beck made changes -
          Status Original: Open [ 1 ] New: In Progress [ 3 ]
          Daniel Beck made changes -
          Link New: This issue is duplicated by SECURITY-1806 [ SECURITY-1806 ]
          Jesse Glick made changes -
          Status Original: In Progress [ 3 ] New: In Review [ 10005 ]
          Jesse Glick made changes -
          Remote Link New: This issue links to "jenkins #4630 (Web Link)" [ 24824 ]
          Jesse Glick made changes -
          Link New: This issue causes JENKINS-62305 [ JENKINS-62305 ]
          Jesse Glick made changes -
          Released As New: 2.236
          Resolution New: Fixed [ 1 ]
          Status Original: In Review [ 10005 ] New: Resolved [ 5 ]
          Jesse Glick made changes -
          Labels New: security
          Devin Nusbaum made changes -
          Link New: This issue causes JENKINS-63499 [ JENKINS-63499 ]
          Devin Nusbaum made changes -
          Link New: This issue causes JENKINS-63500 [ JENKINS-63500 ]
          Devin Nusbaum made changes -
          Link New: This issue causes JENKINS-63516 [ JENKINS-63516 ]

            danielbeck Daniel Beck