Bug 178168 - Insecure storage of issue tracking passwords
Status: RESOLVED FIXED
Product: connecteddeveloper
Classification: Unclassified
Component: Issuetracking Framework
Version: 6.x
Hardware: All All
Priority: P2
Target Milestone: TBD
Assigned To: Tomas Stupka
QA Contact: issues@connecteddeveloper
Depends on: 173413
Reported: 2009-12-04 13:17 UTC by Jesse Glick
Modified: 2010-02-03 21:45 UTC
Issue Type: DEFECT
Description Jesse Glick 2009-12-04 13:17:24 UTC
BugzillaConfig stores your password insecurely in $userdir/config/Preferences/org/netbeans/modules/bugzilla.properties. Similarly for JiraConfig. This should be fixed to use the proposed keyring API instead.

For compatibility, when reading old settings, read the password; save it to the keyring; and delete it from disk. You should therefore be able to delete Scrambler.scramble even if descramble is kept around for a few releases.
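The read, save, delete migration requested in the description, as an added example that is not NetBeans code and not part of the original report. `SecretStore` is a hypothetical stand-in for the keyring API, the `password` property name is assumed, and `descramble` is a constructed placeholder because the real Scrambler algorithm is not shown on this page.

```java
import java.io.*;
import java.nio.file.*;
import java.util.*;
public class PasswordMigration {
    /** Hypothetical stand-in for an OS-backed keyring; not the NetBeans Keyring API. */
    interface SecretStore {
        void save(String key, char[] secret);
        char[] read(String key);
    }
    static final String LEGACY_KEY = "password"; // assumed legacy property name

    /** Returns the password, first moving any legacy on-disk copy into the secret store. */
    static char[] loadPassword(Path propsFile, String keyringKey, SecretStore store) throws IOException {
        Properties props = new Properties();
        if (Files.exists(propsFile)) {
            try (InputStream in = Files.newInputStream(propsFile)) { props.load(in); }
        }
        String legacy = props.getProperty(LEGACY_KEY);
        if (legacy != null) {
            char[] pw = descramble(legacy);
            store.save(keyringKey, pw);                 // 1. write to the keyring first
            if (!Arrays.equals(store.read(keyringKey), pw)) {
                // Keyring unavailable or locked: keep the old value rather than lose the credential.
                throw new IOException("keyring write not confirmed; legacy value kept on disk");
            }
            props.remove(LEGACY_KEY);                   // 2. only then drop it from the file
            try (OutputStream out = Files.newOutputStream(propsFile)) { props.store(out, null); }
            Arrays.fill(pw, '\0');                      // do not leave the cleartext copy in memory
        }
        return store.read(keyringKey);
    }

    /** Constructed placeholder for the legacy descramble step (simply reverses the string). */
    static char[] descramble(String stored) {
        return new StringBuilder(stored).reverse().toString().toCharArray();
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample input: a legacy properties file in a temp location.
        Path f = Files.createTempFile("bugzilla", ".properties");
        Files.write(f, "password=terces\nurl=https://example.invalid\n".getBytes("ISO-8859-1"));
        Map<String, char[]> mem = new HashMap<>();      // in-memory store for the demo only
        SecretStore store = new SecretStore() {
            public void save(String k, char[] s) { mem.put(k, s.clone()); }
            public char[] read(String k) { char[] v = mem.get(k); return v == null ? null : v.clone(); }
        };
        System.out.println(new String(loadPassword(f, "bugzilla.example", store)));
        System.out.println("still on disk: " + new String(Files.readAllBytes(f)).contains(LEGACY_KEY));
        Files.delete(f);
    }
}
```

Rewriting the properties file removes the entry from the live configuration only; copies in backups or earlier snapshots of the user directory still hold the scrambled password, so rotating the credential after migration is the safer outcome.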
Comment 1 Tomas Stupka 2010-01-21 07:00:10 UTC
use keyring in bugzilla
Issue #178168 - Insecure storage of issue tracking passwords
http://hg.netbeans.org/cdev/rev/370464447f52
Comment 2 Quality Engineering 2010-01-24 08:38:00 UTC
Integrated into 'main-golden', will be available in build *201001240200* on http://bits.netbeans.org/dev/nightly/ (upload may still be in progress)
Changeset: http://hg.netbeans.org/main/rev/370464447f52
User: Tomas Stupka <tstupka@netbeans.org>
Log: use keyring in bugzilla
Issue #178168 - Insecure storage of issue tracking passwords
Comment 3 Tomas Stupka 2010-02-01 08:23:06 UTC
fixed
http://hg.netbeans.org/cdev/rev/8da8b01d2eda
Comment 4 Quality Engineering 2010-02-03 21:45:51 UTC
Integrated into 'main-golden', will be available in build *201002040200* on http://bits.netbeans.org/dev/nightly/ (upload may still be in progress)
Changeset: http://hg.netbeans.org/main/rev/8da8b01d2eda
User: Tomas Stupka <tstupka@netbeans.org>
Log: Issue #178168 - Insecure storage of issue tracking passwords