-
Bug
-
Resolution: Done
-
Critical
-
None
-
7.34.0.Final
-
None
-
2020 Week 13-15 (from Mar 23)
-
NEW
-
NEW
For some reason, stored passwords on .config/config.git repositories are not being encrypted anymore when a user import a repository.
You can verify this from v7.30 onwards.
On the other hand, encrypting the password - as previously done - offers a very limited security because it is easy to get our own code and decrypt the password.
I've scanned over the code and found no reason for storing the credentials, so this task is meant to remove this information.
Since we store the credentials in a git repository, the whole git history needs to be wiped out.
- is cloned by
-
RHPAM-2838 Credentials not cleaned up after git repo import
- Closed