Uploaded image for project: 'Jira Data Center'
  1. Jira Data Center
  2. JRASERVER-11144

Don't send passwords in emails when External password/user management enabled

    XMLWordPrintable

Details

    • 4
    • We collect Jira feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

    Description

      In Admin -> General Configuration, there is an External password management flag which we recommend people turn on when using LDAP. In this case, when new users are created, it makes no sense to send the password in the email notification, since the password is unused (the LDAP password takes precedence). In fact, if users are self-registering and may enter their LDAP password, this is a security risk, as we don't want valid passwords going over unencrypted email.

      For people using JIRA currently, passwords in signup emails can be prevented by editing:

      atlassian-jira/WEB-INF/classes/templates/email/text/includes/userdetails.vm

      Attachments

        Issue Links

          relates to

          Suggestion - JRASERVER-8235 send email (without password) to new user even if it is from LDAP

          • Closed

          Activity

            People

              Unassigned Unassigned
              7ee5c68a815f Jeff Turner
              Votes:
              2 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: