pull-request-notifier-for-bitbucket icon indicating copy to clipboard operation
pull-request-notifier-for-bitbucket copied to clipboard

Published 20 hours ago verified publisher icon tomasbjerre

Encrypt authentication credentials

Open derekln1 opened this issue 10 years ago • 4 comments

Would it be possible to add encryption for the credentials? In the database lob_data, the credentials are stored as plain text. Thanks.

derekln1 avatar May 01 '15 22:05 derekln1

I would welcome it, but I don't know if its possible.

tomasbjerre avatar May 02 '15 18:05 tomasbjerre

It would be nice also to hide or mask somehow credentials that are shown through the rest: rest/prnfb-admin/1.0/settings/notifications

Even if users can not modify these notifications they still can get credentials from global settings.

Stupnikov-NA avatar Aug 12 '16 10:08 Stupnikov-NA

Couldn't you use something like this: http://bitwiseshiftleft.github.io/sjcl/

yippibrian avatar Sep 05 '18 19:09 yippibrian

This issue is partly solved by now exposing credentials as string KEEP_THIS_TO_LEAVE_UNCHANGED. This means credentials are still stored in plain text in the database, but not exposed in the rest API.

tomasbjerre avatar Sep 05 '18 19:09 tomasbjerre