atlassian-python-api icon indicating copy to clipboard operation
atlassian-python-api copied to clipboard

Published 20 hours ago verified publisher icon atlassian-api

remove password from storage in object

Open nmz787 opened this issue 4 years ago • 2 comments

I see the only place the object variable password is used is in jira.py based on this search of the repo:

$ grep -ri "\.password"
atlassian/jira.py:            "webSudoPassword": self.password,
atlassian/rest_client.py:        self.password = password
examples/jira/jira_jql_fetcher_as_weekly_report.py:    jira = Jira(url=args.url, username=args.user, password=args.password)

It seems like it would be safer to not store this, pushing the responsibility completely to the sessions object instead.

nmz787 avatar Mar 24 '21 19:03 nmz787

@nmz787 could you share the exactly what is the purpose of that?

gonchik avatar Apr 23 '21 12:04 gonchik

@nmz787 could you share the exactly what is the purpose of that?

just reducing the chance of leaking the password to another module that could be performing introspection, i.e. some other open-source module that isn't fully trusted.

nmz787 avatar May 19 '21 15:05 nmz787