Would it be a good idea not to have it appear in the webapp UI while
this password plaintext problem is not yet resolved?
On Thu, Apr 24, 2008 at 10:28 AM, Wendy Smoak <wsmoak@gmail.com> wrote:
> I'm still on a quest to get Continuum to stop storing passwords in
> plain text. Olivier fixed CONTINUUM-1605 [1] so that the initial pom
> retrieval will discard the provided credentials if the 'use cached
> credentials' checkbox is checked.
>
> The latest problem is the release.properties file. This file (which
> contains the scm password in plain text) gets written out to the
> working copy... which is then visible through the Web UI. If all goes
> well, I think it's only there briefly, but if the release fails it may
> be left around.
>
> Any ideas on how to fix this one?
>
> [1] http://jira.codehaus.org/browse/CONTINUUM-1605
>
> --
> Wendy
>
|