| Key: |
QB-4195
|
| Type: |
Improvement
|
| Status: |
Resolved
|
| Resolution: |
Fixed
|
| Priority: |
Major
|
| Assignee: |
Unassigned
|
| Reporter: |
Steve Luo
|
| Votes: |
0
|
| Watchers: |
0
|
|
If you were logged in you would be able to see more operations.
|
|
|
QuickBuild
Created: 05/Aug/25 07:50 AM
Updated: 08/Aug/25 12:44 AM
|
|
| Component/s: |
None
|
| Affects Version/s: |
15.0.17
|
| Fix Version/s: |
15.0.18
|
|
|
Original Estimate:
|
Unknown
|
Remaining Estimate:
|
Unknown
|
Time Spent:
|
Unknown
|
|
|
Currently, GitHub plugin use the same token as clone repository, it may cause security leak as when clone repository, the git config file stores the password, so use GCM is a better approach. But as QuickBuild also uses that token to fetch Pull requests or update commit status, we can't empty the password field.
So, in this case, we need use a new field to store the token for REST access only.
|
|
Description
|
Currently, GitHub plugin use the same token as clone repository, it may cause security leak as when clone repository, the git config file stores the password, so use GCM is a better approach. But as QuickBuild also uses that token to fetch Pull requests or update commit status, we can't empty the password field.
So, in this case, we need use a new field to store the token for REST access only. |
Show » |
| There are no comments yet on this issue.
|
|
Use a new field to store the token for REST access in the GitHub plugin.