-
Suggestion
-
Resolution: Fixed
-
None
Problem Definition
Currently, according to the documentation Integrating Bamboo with LDAP, the LDAP passwords are stored in Bamboo's database table CWD_DIRECTORY_ATTRIBUTE un-encrypted.
Suggested Solution
The existing documentation recommends:
To guarantee its security, you need to ensure that other processes do not have OS-level read permissions for this application's database or configuration files.
For a better protection encrypt the credentials stored in the CWD_DIRECTORY_ATTRIBUTE table.
Workaround
There is no workaround.
[BAM-20929] Encrypt LDAP access credentials in the database
| Resolution | New: Fixed [ 1 ] | |
| Status | Original: Gathering Interest [ 11772 ] | New: Closed [ 6 ] |
| Assignee | New: Sylwester Jeruzal [ 0e9420ab33a9 ] |
| Fix Version/s | New: 9.0.0 [ 100790 ] |
| Description |
Original:
h3. Problem Definition
Currently, according to the documentation [Integrating Bamboo with LDAP|https://confluence.atlassian.com/bamboo/integrating-bamboo-with-ldap-289277210.html], the LDAP passwords are stored in Bamboo's database table CWD_DIRECTORY_ATTRIBUTE un-encrypted. h3. Suggested Solution The existing documentation recommends: {quote}To guarantee its security, you need to ensure that other processes do not have OS-level read permissions for this application's database or configuration files. {quote} Encrypt the credentials stored in the CWD_DIRECTORY_ATTRIBUTE table to provide a better protection. h3. Workaround There is no workaround. |
New:
h3. Problem Definition
Currently, according to the documentation [Integrating Bamboo with LDAP|https://confluence.atlassian.com/bamboo/integrating-bamboo-with-ldap-289277210.html], the LDAP passwords are stored in Bamboo's database table CWD_DIRECTORY_ATTRIBUTE un-encrypted. h3. Suggested Solution The existing documentation recommends: {quote}To guarantee its security, you need to ensure that other processes do not have OS-level read permissions for this application's database or configuration files. {quote} For a better protection encrypt the credentials stored in the CWD_DIRECTORY_ATTRIBUTE table. h3. Workaround There is no workaround. |
| Description |
Original:
Currently, as of [Integrating Bamboo with LDAP|https://confluence.atlassian.com/bamboo/integrating-bamboo-with-ldap-289277210.html], LDAP passwords are stored in Bamboo's database and there in table CWD_DIRECTORY_ATTRIBUTE. Unfortunately, they are not encrypted.
The above KB gives the following as a security advise. {quote}To guarantee its security, you need to ensure that other processes do not have OS-level read permissions for this application's database or configuration files. {quote} The best protection possible, though, would be encrypting all passwords stored in this table. |
New:
h3. Problem Definition
Currently, according to the documentation [Integrating Bamboo with LDAP|https://confluence.atlassian.com/bamboo/integrating-bamboo-with-ldap-289277210.html], the LDAP passwords are stored in Bamboo's database table CWD_DIRECTORY_ATTRIBUTE un-encrypted. h3. Suggested Solution The existing documentation recommends: {quote}To guarantee its security, you need to ensure that other processes do not have OS-level read permissions for this application's database or configuration files. {quote} Encrypt the credentials stored in the CWD_DIRECTORY_ATTRIBUTE table to provide a better protection. h3. Workaround There is no workaround. |
| Summary | Original: LDAP access credentials shall get stored encrypted in Bamboo | New: Encrypt LDAP access credentials in the database |