Continuum
  1. Continuum
  2. CONTINUUM-1605

Continuum should not store the userid or password if 'use cached credentials' is checked

    Details

    • Type: Improvement Improvement
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 1.1
    • Fix Version/s: 1.2
    • Component/s: Database, SCM
    • Labels:
      None

      Description

      Continuum is storing scm passwords in the database in plain text.

      If the 'use cached credentials' checkbox is checked, it should use the provided userid and password for the initial pom retrieval, and then discard them.

      (Continuum has the ability to use svn credentials that have been pre-cached on the build server, but when you add a project the first request for the pom is not a svn checkout, it's just an http/https GET.)

      Workaround: periodically remove the credentials from the database:
      update PROJECT set SCM_PASSWORD = "";
      update PROJECT set SCM_USERNAME = "";

        Activity

        Wendy Smoak created issue -
        Wendy Smoak made changes -
        Field Original Value New Value
        Description Continuum is storing scm passwords in the database in plain text.

        If the 'use cached credentials' checkbox is checked, it should use the provided password for the initial pom retrieval, and then discard it.

        (Continuum has the ability to use svn credentials that have been pre-cached on the build server, but when you add a project the first request for the pom is not a svn checkout, it's just an http/https GET.)

        Workaround: periodically remove the passwords from the database:
        update PROJECT set SCM_PASSWORD = "";
        Continuum is storing scm passwords in the database in plain text.

        If the 'use cached credentials' checkbox is checked, it should use the provided userid and password for the initial pom retrieval, and then discard them.

        (Continuum has the ability to use svn credentials that have been pre-cached on the build server, but when you add a project the first request for the pom is not a svn checkout, it's just an http/https GET.)

        Workaround: periodically remove the credentials from the database:
        update PROJECT set SCM_PASSWORD = "";
        update PROJECT set SCM_USERNAME = "";
        Summary Continuum should not store the password at all if 'use cached credentials' is checked Continuum should not store the userid or password if 'use cached credentials' is checked
        Brett Porter made changes -
        Fix Version/s 1.2 [ 13779 ]
        Hide
        Olivier Lamy (*$^¨%`£) added a comment -

        fixed in rev 648038.

        Show
        Olivier Lamy (*$^¨%`£) added a comment - fixed in rev 648038.
        Olivier Lamy (*$^¨%`£) made changes -
        Resolution Fixed [ 1 ]
        Assignee Olivier Lamy [ olamy ]
        Status Open [ 1 ] Closed [ 6 ]
        Hide
        Wendy Smoak added a comment -

        Thanks, Olivier. I think the credentials may also get cached during the release process. I'll test and open a new issue for that if so, but wanted to mention it in case it's easy to check now.

        Show
        Wendy Smoak added a comment - Thanks, Olivier. I think the credentials may also get cached during the release process. I'll test and open a new issue for that if so, but wanted to mention it in case it's easy to check now.
        Mark Thomas made changes -
        Project Import Sun Apr 05 08:36:01 UTC 2015 [ 1428222961749 ]
        Mark Thomas made changes -
        Workflow jira [ 12710263 ] Default workflow, editable Closed status [ 12739967 ]
        Mark Thomas made changes -
        Project Import Sun Apr 05 21:12:18 UTC 2015 [ 1428268338676 ]
        Mark Thomas made changes -
        Workflow jira [ 12947484 ] Default workflow, editable Closed status [ 12985513 ]
        Transition Time In Source Status Execution Times Last Executer Last Execution Date
        Open Open Closed Closed
        119d 4h 54m 1 Olivier Lamy (*$^¨%`£) 14/Apr/08 17:41

          People

          • Assignee:
            Olivier Lamy (*$^¨%`£)
            Reporter:
            Wendy Smoak
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development