Password, username and URL is saved in plain text #25
Comments
|
Do you have any recommendations on how else to save the password? AFAIK, we need the raw password in order to authenticate with sonar web services. |
|
We could try to use the build-in authentication / password-manager of IDEA. This is also used for e.g. authentication at github or password protected private-key authentications. If this is ok for everyone, I'll try to find a sample how to use this. |
|
I never wrote a plugin for idea, could you not use something like: |
|
I found a sample showing a possible implementation here: https://github.com/JetBrains/intellij-community/blob/master/plugins/git4idea/src/git4idea/jgit/GitHttpAdapter.java Unfortunately the build of "sonar-intellij-plugin" fails on my local machine due to a problem with "ideauidesigner-maven-plugin" therefore I am currently not able fix the problem. @gshakhn can you provide the fix? |
|
@aheusingfeld You'll have to install https://github.com/gshakhn/ideauidesigner-maven-plugin locally. The official version of the maven plugin doesn't work with 12.x due to a weird compiler issue. |
|
Has anyone started on this one, yet? Otherwise I'm going to take on it next week. |
|
Haven't started this yet, so go for it. :) |
|
I already started but it's a little more tricky than I thought. I'm currently thinking about how to remove the password from the existing config files without messing our code. Seems I need a little more reading on the @State and @Storage annotations' implicit behaviour. ;) |
|
I moved this issue to the new home of our plugin at sonar-intellij-plugin/sonar-intellij-plugin#18. Please comment there for further issues. Thanks for your support! |
The password especially. This is a security threat, especially given that it saves it within the project tree and usually within VC.
The text was updated successfully, but these errors were encountered: