[
https://issues.jenkins-ci.org/browse/JENKINS-12747?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=159011#comment-159011
]
Mike Winters commented on JENKINS-12747:
----------------------------------------
I'm sorry that you're unable to reproduce the issue, but I've consistently been
able to reproduce it with new jobs. I have also tried rolling back and
reinstalling the EnvInject plugin, with no change in the results. If a solution
can't be found, my only option will be to remove the EnvInject plugin, because
I can't continue to let it expose passwords the way it is doing now. I don't
want to go that route, as it will make some other configuration settings more
difficult.
> Perforce Passwords are exposed by the EnvInject plugin
> ------------------------------------------------------
>
> Key: JENKINS-12747
> URL: https://issues.jenkins-ci.org/browse/JENKINS-12747
> Project: Jenkins
> Issue Type: Bug
> Components: envinject, perforce
> Environment: Windows 7 Enterprise SP1 (x64)
> Jenkins 1.450
> EnvInject 1.20
> Perforce 1.3.7
> Mask Passwords 2.7.2
> Reporter: Mike Winters
> Assignee: gbois
>
> Originally reported as part of JENKINS-12423, I am reopening this as a
> separate defect at the author's request. My original defect report from that
> issue is as follows:
> With Jenkins 1.450, Perforce plugin 1.3.7, EnvInject 1.17, and Mask Passwords
> 2.7.2, the Perforce passwords are being displayed in plain text on the
> "Injected Environment Variables" page. I have tried setting the passwords to
> be masked in the global Jenkins config as well as in the individual jobs, but
> nothing I have tried is masking the passwords.
> In the case of the Perforce passwords, the issue was happening before I
> installed the Mask Passwords plugin (I only installed that in an attempt to
> hide the passwords). It seems that perhaps the Perforce plugin (and plugins
> for other source control systems?) are exposing the passwords in a way that
> the EnvInject plugin doesn't know to look for. I'm not sure where the best
> place to fix this is, or what the optimal fix should be, as I am not familiar
> with the Jenkins codebase or the code for any of the relevant plugins.
> However, the quicker a solution can be implemented, the happier I will be :).
> Thanks!
> After updating to EnvInject 1.20, the Perforce password is still being
> exposed (P4PASSWD variable) on the "Injected Environment Variables" page
> available on the left menu on each build. I suspect that this may require
> changes to both the EnvInject plugin and the Perforce plugin.