![]() |
|
|
|
|
Issue Type:
|
![Improvement]() Improvement
|
|
Assignee:
|
Cletus D'Souza
|
|
Components:
|
integrity-plugin |
|
Created:
|
11/Feb/15 5:26 PM
|
|
Description:
|
I really don't think it is a good idea to store the user and password in the general configuration. This means that anyone who can create a job has access to all projects of the users stored in the general configuration. This information must be stored in each individual job.
I have no problem with the server information being stored in the general configuration, but the user name and password is a real security problem for us.
I can understand that where each project has its own Jenkins server and their own service account, this will be much easier. However, we have a central Jenkins server that is run by the Tools Group that has many varied jobs, some of which require admin access to Integrity. This means that anyone who can create jobs on this particular Jenkins server (including the majority of users who should not have admin access to Integrity) can get access to all Integrity projects, which is not allowed.
|
|
Environment:
|
Integrity Plugin Version 1.30
|
|
Project:
|
Jenkins
|
|
Priority:
|
![Major]() Major
|
|
Reporter:
|
Cletus D'Souza
|
|
|
|
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators.
For more information on JIRA, see: http://www.atlassian.com/software/jira
|
--
You received this message because you are subscribed to the Google Groups "Jenkins Issues" group.
To unsubscribe from this group and stop receiving emails from it, send an email to
jenkinsci-issues+unsubscr...@googlegroups.com.
For more options, visit
https://groups.google.com/d/optout.
