Project

General

Profile

Actions
Copy link

Defect #116

closed

svn password in clear text

Added by daniele guerra about 17 years ago. Updated almost 17 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
-
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Resolution:
Affected version:

Description

I have found the svn user password in clear text into the html sourco of the projects settings page
(projects/settings/1).

This password is also in clear text into the mysql database.

This is a very critical security bug. Is possible to manage this password in hashing mode (like the admin password)???

Thank you

Related issues

Related to Redmine - Feature #7411: Option to cipher LDAP ans SCM passwords stored in the databaseClosed2011-01-22

Actions
Actions
Copy link
 #1

Updated by Jean-Philippe Lang about 17 years ago

This password is also in clear text into the mysql database.

What do you propose ? Encryption ?

Actions
Copy link
 #2

Updated by Jean-Philippe Lang almost 17 years ago

svn user password in clear text into the html source

Fixed in r942.

This password is also in clear text into the mysql database

This password can not be hashed in the database since Redmine
needs it in clear to run svn commands.

Actions
Copy link

Also available in: Atom PDF