Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-23072

turn the authentication token from a textbox to a password field

    Details

    • Similar Issues:

      Description

      Trigger builds remotely/authentication token is a textbox. If you use per-project based security and enabled extended read, the token isn't obfuscated.

      Could you turn the textbox to a password field?

      I understand it is a corner case but the authentication token should be considered a password IMO.

        Attachments

          Activity

          Hide
          danielbeck Daniel Beck added a comment -

          Not a bug.

          If it were a password box, there would be no way to get its current value, so that's impractical. (This isn't a use case with passwords to external systems, so there's no problem there)

          Workaround: Don't assign Extended Read permissions on remotely triggerable projects to untrusted users. Trigger the job in question differently e.g. as downstream job from a non-ExtendedReadable, but remotely triggerable job, or using real HTTP auth (username + API token).

          Show
          danielbeck Daniel Beck added a comment - Not a bug. If it were a password box, there would be no way to get its current value, so that's impractical. (This isn't a use case with passwords to external systems, so there's no problem there) Workaround: Don't assign Extended Read permissions on remotely triggerable projects to untrusted users. Trigger the job in question differently e.g. as downstream job from a non-ExtendedReadable, but remotely triggerable job, or using real HTTP auth (username + API token).
          Hide
          fabo Fathi Boudra added a comment -

          yes, it isn't a bug it's a feature request.

          like any password box in jenkins, I don't want to get the current value.

          your workaround doesn't scale with a thousand jobs.

          Show
          fabo Fathi Boudra added a comment - yes, it isn't a bug it's a feature request. like any password box in jenkins, I don't want to get the current value. your workaround doesn't scale with a thousand jobs.

            People

            • Assignee:
              Unassigned
              Reporter:
              fabo Fathi Boudra
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: