[jira] Updated: (CONTINUUM-1605) Continuum should not store the userid or password if 'use cached credentials' is checked

Wendy Smoak (JIRA) Tue, 18 Dec 2007 09:15:27 -0800

     [ 
http://jira.codehaus.org/browse/CONTINUUM-1605?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Wendy Smoak updated CONTINUUM-1605:
-----------------------------------

    Description: 
Continuum is storing scm passwords in the database in plain text.

If the 'use cached credentials' checkbox is checked, it should use the provided 
userid and password for the initial pom retrieval, and then discard them.

(Continuum has the ability to use svn credentials that have been pre-cached on 
the build server, but when you add a project the first request for the pom is 
not a svn checkout, it's just an http/https GET.)

Workaround:  periodically remove the credentials from the database:
update PROJECT set SCM_PASSWORD = "";
update PROJECT set SCM_USERNAME = "";

  was:
Continuum is storing scm passwords in the database in plain text.

If the 'use cached credentials' checkbox is checked, it should use the provided 
password for the initial pom retrieval, and then discard it.

(Continuum has the ability to use svn credentials that have been pre-cached on 
the build server, but when you add a project the first request for the pom is 
not a svn checkout, it's just an http/https GET.)

Workaround:  periodically remove the passwords from the database:
update PROJECT set SCM_PASSWORD = "";

        Summary: Continuum should not store the userid or password if 'use 
cached credentials' is checked  (was: Continuum should not store the password 
at all if 'use cached credentials' is checked)

> Continuum should not store the userid or password if 'use cached credentials' 
> is checked
> ----------------------------------------------------------------------------------------
>
>                 Key: CONTINUUM-1605
>                 URL: http://jira.codehaus.org/browse/CONTINUUM-1605
>             Project: Continuum
>          Issue Type: Improvement
>          Components: Database, SCM
>    Affects Versions: 1.1
>            Reporter: Wendy Smoak
>
> Continuum is storing scm passwords in the database in plain text.
> If the 'use cached credentials' checkbox is checked, it should use the 
> provided userid and password for the initial pom retrieval, and then discard 
> them.
> (Continuum has the ability to use svn credentials that have been pre-cached 
> on the build server, but when you add a project the first request for the pom 
> is not a svn checkout, it's just an http/https GET.)
> Workaround:  periodically remove the credentials from the database:
> update PROJECT set SCM_PASSWORD = "";
> update PROJECT set SCM_USERNAME = "";

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: 
http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] Updated: (CONTINUUM-1605) Continuum should not store the userid or password if 'use cached credentials' is checked

Reply via email to