New and Improved 3.13 Beta. Highlights: Shareable filters and dashboards and lots of other goodies. Any feedback can be raised as JIRA issues in the JIRA project.
Issue Details (XML | Word | Printable)

Key: JRA-12381
Type: Bug Bug
Status: Resolved Resolved
Resolution: Fixed
Priority: Major Major
Assignee: Chris Mountford [Atlassian]
Reporter: JP Patrikainen
Votes: 0
Watchers: 0
Operations

If you were logged in you would be able to see more operations.
JIRA

Data anonymiser does not blank out SMTP server username and password

Created: 15/Mar/07 05:22 PM   Updated: 21/Mar/07 06:05 PM
Component/s: Security
Affects Version/s: 3.8
Fix Version/s: 3.8.1

Time Tracking:
Not Specified

Issue Links:
Blocker
 
Reference
 

Participants: Anton Mazkovoi [Atlassian], Chris Mountford [Atlassian] and JP Patrikainen
Since last comment: 1 year, 23 weeks, 6 days ago
Resolution Date: 21/Mar/07 06:05 PM
Labels:


 Description  « Hide
SMTP server username and password are readable in database/xml export:

This can possible security leak e.g. when you sent support request, where you send database export to support. Anonymizer does not remove these values.

Username and password should be encoded format in database.

 All   Comments   Work Log   Change History      Sort Order: Ascending order - Click to sort in descending order
[ Permlink | « Hide ]
Anton Mazkovoi [Atlassian] added a comment - 15/Mar/07 09:51 PM
Hi JP,

Thank you for reporting this.

Please vote for the linked issue for improving how the username and passwords are stored.

I have changed the summary of this issue and we will use it to track the work on making sure the anonymiser blanks out these values.

Thanks again,
Anton
Powered by Atlassian JIRA the Professional Issue Tracker. (Enterprise Edition, Version: 3.13_beta1-#328) - Bug/feature request - Atlassian news - Contact Administrators