Defect #116

svn password in clear text

Added by daniele guerra about 10 years ago. Updated about 10 years ago.

Status:ClosedStart date:
Priority:NormalDue date:
Assignee:-% Done:

0%

Category:-
Target version:-
Resolution: Affected version:

Description

I have found the svn user password in clear text into the html sourco of the projects settings page
(projects/settings/1).

This password is also in clear text into the mysql database.

This is a very critical security bug. Is possible to manage this password in hashing mode (like the admin password)???

Thank you


Related issues

Related to Redmine - Feature #7411: Option to cipher LDAP ans SCM passwords stored in the dat... Closed 2011-01-22

History

#1 Updated by Jean-Philippe Lang about 10 years ago

svn user password in clear text into the html source

Fixed in r942.

This password is also in clear text into the mysql database

This password can not be hashed in the database since Redmine
needs it in clear to run svn commands.

#2 Updated by Jean-Philippe Lang about 10 years ago

This password is also in clear text into the mysql database.

What do you propose ? Encryption ?

Also available in: Atom PDF