Continuum should not store the userid or password if 'use cached credentials' is checked

Details

Type: Improvement
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 1.1
Fix Version/s: 1.2
Component/s: Database, SCM
Labels:
None

Complexity:
Intermediate
Number of attachments :
0

Description

Continuum is storing scm passwords in the database in plain text.

If the 'use cached credentials' checkbox is checked, it should use the provided userid and password for the initial pom retrieval, and then discard them.

(Continuum has the ability to use svn credentials that have been pre-cached on the build server, but when you add a project the first request for the pom is not a svn checkout, it's just an http/https GET.)

Workaround: periodically remove the credentials from the database:
update PROJECT set SCM_PASSWORD = "";
update PROJECT set SCM_USERNAME = "";

Activity

Ascending order - Click to sort in descending order

Hide

Permalink

Olivier Lamy added a comment - 14/Apr/08 5:41 PM

fixed in rev 648038.

Show

Olivier Lamy added a comment - 14/Apr/08 5:41 PM fixed in rev 648038.

Hide

Permalink

Wendy Smoak added a comment - 14/Apr/08 5:54 PM

Thanks, Olivier. I think the credentials may also get cached during the release process. I'll test and open a new issue for that if so, but wanted to mention it in case it's easy to check now.

Show

Wendy Smoak added a comment - 14/Apr/08 5:54 PM Thanks, Olivier. I think the credentials may also get cached during the release process. I'll test and open a new issue for that if so, but wanted to mention it in case it's easy to check now.

People

Assignee:

Olivier Lamy

Reporter:

Wendy Smoak

Vote (0)

Watch (0)

Dates

Created:

17/Dec/07 12:46 PM

Updated:

14/Apr/08 5:54 PM

Resolved:

14/Apr/08 5:41 PM