Loading...

XML

Word

Printable

Details

Type: Suggestion
Resolution: Duplicate
Fix Version/s: None
Component/s: Security
Labels:
None

UIS:
1
Feedback Policy:

Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

Description

Files such as:

<BAMBOO_INSTALL>/conf/server.xml if you're using a different Keystore Password for SSL
<BAMBOO_HOME>/bamboo.cfg.xml for the Database configuration.
<BAMBOO_HOME>/xml-data/configuration/crowd.properties, if using and external Crowd.
<BAMBOO_HOME>/xml-data/configuration/atlassian-user.xml in prior to 6.6.x Embedded Crowd

Have Password information set in Plaintext and due to some security guidelines as discussed by Customers at ~~JRASERVER-31004~~ may require to be Encrypted/Obfuscated for increased security.

There is already a Suggestion that addresses only the Database configuration password, ~~BAM-2670~~, which is marked as resolved and related to ~~JRASERVER-31004~~ which is "in progress". I'm opening this one to broaden the same need to the other configuration and files existent.

Please, consider the possibilities to address the behaviour in these and Encrypt/Obfuscate plaintext password data as well.

Attachments

Issue Links

duplicates

BAM-2670 Don't store the database password in cleartext in bamboo.cfg.xml

Closed

BAM-19637 Mask/Encrypt credentials in configuration files

Closed

is related to

JRASERVER-31004 Encrypt database password in dbconfig.xml

Closed

Activity

People

Assignee:: Unassigned

Reporter:: Thiago Tietze (Inactive)

Votes:: 3 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 28/Jan/2019 2:56 PM

Updated:: 19/Sep/2019 5:44 AM

Resolved:: 15/Aug/2019 4:37 PM