Issue #671 resolved
Anonymous created an issue

We are currently reaching out to all of our vendors to receive answers for the following questions regarding PCI3.

1) Does the application store or transmit any passwords?
2) If so, is that in clear or encrypted?
3) If so, where are the passwords stored in the application?

Comments (2)

  1. Sebastian Sdorra repo owner

    If you use the default xml authentication, then SCM-Manager will store the passwords for these users. The password is stored as a hash in the users.xml of the scm home directory. If you use an external authentication like (ldap, ad, pam, cas or crowd), then scm-manager does not store any passwords. Passwords will be transferred using basic authentication, so it is highly recommended to setup ssl.

    Next time please use the mailing list, for questions like this one.

  2. Log in to comment