Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-911

Alternate Launcher.launch that hides passwords on command line

    • Icon: Improvement Improvement
    • Resolution: Fixed
    • Icon: Major Major
    • remoting
    • None
    • Platform: All, OS: All

      The current implementations of Launcher.launch(...)

      all print the command line verbatim to the log.

      When the command line includes a password, this is not good.

      A second Launcher.launch(...) method which would allow the caller to **** out
      the info that goes to the log files to make password snooping more difficult

          [JENKINS-911] Alternate Launcher.launch that hides passwords on command line

          It's a reasonable request but using passwords on command line arguments is
          really insecure anyway — you still get to see them through /proc, pargs,
          process explorer, etc.

          Kohsuke Kawaguchi added a comment - It's a reasonable request but using passwords on command line arguments is really insecure anyway — you still get to see them through /proc, pargs, process explorer, etc.

          Oh I know, but it's better than nothing for those cases where you have to pass
          the password over the command line

          Stephen Connolly added a comment - Oh I know, but it's better than nothing for those cases where you have to pass the password over the command line

          Jesse Glick added a comment -

          /proc etc. are visible only to people logged in on the same machine (with
          appropriate permissions). Quite different from a build log exposed via the web.

          Jesse Glick added a comment - /proc etc. are visible only to people logged in on the same machine (with appropriate permissions). Quite different from a build log exposed via the web.

          Anyway, agreed that this is a better than nothing feature.

          Kohsuke Kawaguchi added a comment - Anyway, agreed that this is a better than nothing feature.

          I have added one approach for the necessary methods to Launcher.launch, added
          javadoc warning that these methods only help with the build log, and updated the
          change log to reflect this.

          Target 1.147

          Stephen Connolly added a comment - I have added one approach for the necessary methods to Launcher.launch, added javadoc warning that these methods only help with the build log, and updated the change log to reflect this. Target 1.147

          closing this issue

          Stephen Connolly added a comment - closing this issue

            Unassigned Unassigned
            stephenconnolly Stephen Connolly
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Created:
              Updated:
              Resolved: