Actions
Defect #13925
closed
Repository password stored in clear text in DB
Status:
Closed
Priority:
Low
Assignee:
-
Category:
SCM
Target version:
-
Start date:
Due date:
% Done:
0%
Estimated time:
Resolution:
Invalid
Affected version:
Description
I use SVN and enabled a Repository in one of my projects. Everything works GREAT!!!
So, this is just a "nit". Other passwords that Redmine stores in the DB are encrypted/mangled however not the Repository user password.
within the "repositories" table, column "password" is stored in plain text.
I think this should be encrypted/mangled like the others.
Updated by Jean-Philippe Lang about 11 years ago
- Status changed from New to Closed
- Resolution set to Invalid
Unlike user passwords, repository passwords can't be hashed. You can turn on repository password encryption by setting a secret key in your configuration file (config/configuration.yml). Please read source:/tags/2.3.0/config/configuration.yml.example#L142 carefully.
Actions