This Bugzilla instance is a read-only archive of historic NetBeans bug reports. To report a bug in NetBeans please follow the project's instructions for reporting issues.

Bug 178168

Summary: Insecure storage of issue tracking passwords
Product: connecteddeveloper Reporter: Jesse Glick <jglick>
Component: Issuetracking FrameworkAssignee: Tomas Stupka <tstupka>
Status: RESOLVED FIXED    
Severity: normal    
Priority: P2    
Version: 6.x   
Hardware: All   
OS: All   
Issue Type: DEFECT Exception Reporter:
Bug Depends on: 173413    
Bug Blocks:    

Description Jesse Glick 2009-12-04 13:17:24 UTC
BugzillaConfig stores your password insecurely in $userdir/config/Preferences/org/netbeans/modules/bugzilla.properties. Similarly for JiraConfig. This should be fixed to use the proposed keyring API instead.

For compatibility, when reading old settings, read the password; save it to the keyring; and delete it from disk. You should therefore be able to delete Scrambler.scramble even if descramble is kept around for a few releases.
Comment 1 Tomas Stupka 2010-01-21 07:00:10 UTC
use keyring in bugzilla
Issue #178168 - Insecure storage of issue tracking passwords
http://hg.netbeans.org/cdev/rev/370464447f52
Comment 2 Quality Engineering 2010-01-24 08:38:00 UTC
Integrated into 'main-golden', will be available in build *201001240200* on http://bits.netbeans.org/dev/nightly/ (upload may still be in progress)
Changeset: http://hg.netbeans.org/main/rev/370464447f52
User: Tomas Stupka <tstupka@netbeans.org>
Log: use keyring in bugzilla
Issue #178168 - Insecure storage of issue tracking passwords
Comment 3 Tomas Stupka 2010-02-01 08:23:06 UTC
fixed
http://hg.netbeans.org/cdev/rev/8da8b01d2eda
Comment 4 Quality Engineering 2010-02-03 21:45:51 UTC
Integrated into 'main-golden', will be available in build *201002040200* on http://bits.netbeans.org/dev/nightly/ (upload may still be in progress)
Changeset: http://hg.netbeans.org/main/rev/8da8b01d2eda
User: Tomas Stupka <tstupka@netbeans.org>
Log: Issue #178168 - Insecure storage of issue tracking passwords