Defect #13925: Repository password stored in clear text in DB - Redmine

Actions

Copy link

Defect #13925

closed

Repository password stored in clear text in DB

Added by Peter Berkman over 11 years ago. Updated over 11 years ago.

Status:

Closed

Priority:

Low

Assignee:

Category:

SCM

Target version:

Start date:

Due date:

% Done:

Estimated time:

Resolution:

Invalid

Affected version:

2.2.4

Description

I use SVN and enabled a Repository in one of my projects. Everything works GREAT!!!

So, this is just a "nit". Other passwords that Redmine stores in the DB are encrypted/mangled however not the Repository user password.

within the "repositories" table, column "password" is stored in plain text.

I think this should be encrypted/mangled like the others.

Actions

Copy link

Updated by Jean-Philippe Lang over 11 years ago

Status changed from New to Closed
Resolution set to Invalid

Unlike user passwords, repository passwords can't be hashed. You can turn on repository password encryption by setting a secret key in your configuration file (config/configuration.yml). Please read source:/tags/2.3.0/config/configuration.yml.example#L142 carefully.

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Redmine

Custom queries

Defect #13925

Repository password stored in clear text in DB

Updated by Jean-Philippe Lang over 11 years ago