Uploaded image for project: 'Bamboo Data Center'
  1. Bamboo Data Center
  2. BAM-7632

Change hg clone into hg init/hg pull (to get rid of credentials in .hgrc)

XMLWordPrintable

    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

      forums

      I went through the cache directories in the server and noticed also slight security issue. Bamboo seems to register the repository path with username/password into the hgrc file in plain text (in the url) in the cache directory and the file permissions are such that it is readable by all. Not that the source code and builds itself might have something sensitive, but atleast I find it good to know that the username/password is not secure within the file system.

              Unassigned Unassigned
              pstefaniak PiotrA
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

                Created:
                Updated:
                Resolved: