Uploaded image for project: 'AppFormer'
  1. AppFormer
  2. AF-2445

Credentials not cleaned up after git repo import

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Critical Critical
    • None
    • 7.34.0.Final
    • Library
    • None

      For some reason, stored passwords on .config/config.git repositories are not being encrypted anymore when a user import a repository.
      You can verify this from v7.30 onwards.
      On the other hand, encrypting the password - as previously done - offers a very limited security because it is easy to get our own code and decrypt the password.

      I've scanned over the code and found no reason for storing the credentials, so this task is meant to remove this information.
      Since we store the credentials in a git repository, the whole git history needs to be wiped out.

              gcaponet Guilherme Caponetto
              gcaponet Guilherme Caponetto
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: