Key: |
QB-3451
|
Type: |
Bug
|
Status: |
Resolved
|
Resolution: |
Fixed
|
Priority: |
Critical
|
Assignee: |
Steve Luo
|
Reporter: |
AlSt
|
Votes: |
0
|
Watchers: |
0
|
If you were logged in you would be able to see more operations.
|
|
|
QuickBuild
Created: 07/Oct/19 08:06 AM
Updated: 23/Oct/19 01:11 AM
|
|
Component/s: |
None
|
Affects Version/s: |
8.0.38
|
Fix Version/s: |
9.0.23
|
|
Original Estimate:
|
Unknown
|
Remaining Estimate:
|
Unknown
|
Time Spent:
|
Unknown
|
|
We changed the git password recently and had quite a lot failing builds afterwards (or not even builds, because in checking build condition it already failed). The password is also stored in plaintext on the host which is a security risk because the password might leak.
We use https checkouts because distributing the ssh key to 300+ machines is not the best thing and also on Windows it is not that easy to use ssh at all.
I would expect Quickbuild to not store the password on the host, because it is a secret in QB. Also that way it would be able to change the password because it is not stored on the host in the gitconfig.
|
Description
|
We changed the git password recently and had quite a lot failing builds afterwards (or not even builds, because in checking build condition it already failed). The password is also stored in plaintext on the host which is a security risk because the password might leak.
We use https checkouts because distributing the ssh key to 300+ machines is not the best thing and also on Windows it is not that easy to use ssh at all.
I would expect Quickbuild to not store the password on the host, because it is a secret in QB. Also that way it would be able to change the password because it is not stored on the host in the gitconfig. |
Show » |
|
When password is changed, QuickBuild doesn't start a clean build and that is the reason caused this issue. It will be fixed soon.
But to remove password from gitconfig is not possible from QuickBuild side. But you still have options if you really concern the security issue. You can:
# Use global insteadof like:
git config --global url."https://username:password@github.com/username/repo.git".insteadOf https://github.com/username/repo.git
in this way, your password will be only stored in ~/.gitconfig file, and in quickbuild, you needn't specify the username and password any more.