Uploaded image for project: 'Red Hat Process Automation Manager'
  1. Red Hat Process Automation Manager
  2. RHPAM-2838

Credentials not cleaned up after git repo import

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Critical Critical
    • 7.7.1.GA
    • None
    • None
    • 2020 Week 13-15 (from Mar 23), 2020 Week 16-18 (from Apr 13)

      For some reason, stored passwords on .config/config.git repositories are not being encrypted anymore when a user import a repository.
      You can verify this from v7.30 onwards.
      On the other hand, encrypting the password - as previously done - offers a very limited security because it is easy to get our own code and decrypt the password.

      I've scanned over the code and found no reason for storing the credentials, so this task is meant to remove this information.
      Since we store the credentials in a git repository, the whole git history needs to be wiped out.

              r_anand Rishiraj Anand
              david.magallanes David Gutierrez
              Barbora Kapustova Barbora Kapustova
              Barbora Kapustova Barbora Kapustova
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: