Security of password entered via "Run Custom Build" dialogue

Teamcity allows a project or system admin to set password type build parameters.  Although password type values are generally not visible, current Teamcity design allows other Teamcity admin to view the raw password by changing the parameter type from 'password' to 'text'.

I understand this limitation but my question is about the password type variable entered via "Run Custom Build" diagogue.

If an user changes the password type varaible at "Run Custom Build" dialogue, does Teamcity admin have some way to view the raw password from Teamcity log or Teamcity database?

Thanks,

1 comment
Comment actions Permalink

Hi Hyung,

> If an user changes the password type varaible at "Run Custom Build"  dialogue, does Teamcity admin have some way to view the raw password  from Teamcity log or Teamcity database?

TeamCity will make an effort not to display the password value in the build log or on the build's parameters tab. his basically excludes unintentional password seeing.

At the same time TeamCity administrators have full access to the system and if they want, they can modify the build script to get the password.
Much like a company system administrators: they have access to your computer and can get whatever information you enter if they really want that.

See also notes in the doc.

0

Please sign in to leave a comment.