Return-Path: Delivered-To: apmail-maven-continuum-issues-archive@locus.apache.org Received: (qmail 47052 invoked from network); 17 Dec 2007 18:48:29 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 17 Dec 2007 18:48:29 -0000 Received: (qmail 21663 invoked by uid 500); 17 Dec 2007 18:48:19 -0000 Delivered-To: apmail-maven-continuum-issues-archive@maven.apache.org Received: (qmail 21646 invoked by uid 500); 17 Dec 2007 18:48:19 -0000 Mailing-List: contact continuum-issues-help@maven.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: continuum-dev@maven.apache.org Delivered-To: mailing list continuum-issues@maven.apache.org Received: (qmail 21635 invoked by uid 99); 17 Dec 2007 18:48:19 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 17 Dec 2007 10:48:19 -0800 X-ASF-Spam-Status: No, hits=-0.0 required=10.0 tests=SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: local policy) Received: from [63.246.2.115] (HELO codehaus01.managed.contegix.com) (63.246.2.115) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 17 Dec 2007 18:48:06 +0000 Received: from codehaus01.managed.contegix.com (localhost.localdomain [127.0.0.1]) by codehaus01.managed.contegix.com (Postfix) with ESMTP id BCC9714A8038 for ; Mon, 17 Dec 2007 12:47:57 -0600 (CST) Message-ID: <11791709.1197917277345.JavaMail.haus-jira@codehaus01.managed.contegix.com> Date: Mon, 17 Dec 2007 12:47:57 -0600 (CST) From: "Wendy Smoak (JIRA)" To: continuum-issues@maven.apache.org Subject: [jira] Created: (CONTINUUM-1605) Continuum should not store the password at all if 'use cached credentials' is checked MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org Continuum should not store the password at all if 'use cached credentials' is checked ------------------------------------------------------------------------------------- Key: CONTINUUM-1605 URL: http://jira.codehaus.org/browse/CONTINUUM-1605 Project: Continuum Issue Type: Improvement Components: Database, SCM Affects Versions: 1.1 Reporter: Wendy Smoak Continuum is storing scm passwords in the database in plain text. If the 'use cached credentials' checkbox is checked, it should use the provided password for the initial pom retrieval, and then discard it. (Continuum has the ability to use svn credentials that have been pre-cached on the build server, but when you add a project the first request for the pom is not a svn checkout, it's just an http/https GET.) Workaround: periodically remove the passwords from the database: update PROJECT set SCM_PASSWORD = ""; -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira