-
Suggestion
-
Resolution: Done
-
None
-
None
The database password is currently stored in cleartext in bamboo.cfg.xml. Can we get at least some optional level of obfuscation of this password?
[BAM-2670] Don't store the database password in cleartext in bamboo.cfg.xml
Kirk Wylie
added a comment - Definitely agreed with that, and in fact we're not even going to be
using that configuration (we'll be using a data source for controlled
password access). This was just a quick thing that I found that many
people might not initially realize, that the bamboo configuration file
has a cleartext database password. It might be preferrable to just
document the security implications on this.
–
This message may contain confidential, proprietary, or legally privileged information. No confidentiality or privilege is waived by any transmission to an unintended recipient. If you are not an intended recipient, please notify the sender and delete this message immediately. Any views expressed in this message are those of the sender, not those of any entity within the KBC Financial Products group of companies (together referred to as "KBC FP").
This message does not create any obligation, contractual or otherwise, on the part of KBC FP. It is not an offer (or solicitation of an offer) of, or a recommendation to buy or sell, any financial product. Any prices or other values included in this message are indicative only, and do not necessarily represent current market prices, prices at which KBC FP would enter into a transaction, or prices at which similar transactions may be carried on KBC FP's own books. The information contained in this message is provided "as is", without representations or warranties, express or implied, of any kind. Past performance is not indicative of future returns.
Kirk Wylie
added a comment - Definitely agreed with that, and in fact we're not even going to be
using that configuration (we'll be using a data source for controlled
password access). This was just a quick thing that I found that many
people might not initially realize, that the bamboo configuration file
has a cleartext database password. It might be preferrable to just
document the security implications on this.
–
This message may contain confidential, proprietary, or legally privileged information. No confidentiality or privilege is waived by any transmission to an unintended recipient. If you are not an intended recipient, please notify the sender and delete this message immediately. Any views expressed in this message are those of the sender, not those of any entity within the KBC Financial Products group of companies (together referred to as "KBC FP").
This message does not create any obligation, contractual or otherwise, on the part of KBC FP. It is not an offer (or solicitation of an offer) of, or a recommendation to buy or sell, any financial product. Any prices or other values included in this message are indicative only, and do not necessarily represent current market prices, prices at which KBC FP would enter into a transaction, or prices at which similar transactions may be carried on KBC FP's own books. The information contained in this message is provided "as is", without representations or warranties, express or implied, of any kind. Past performance is not indicative of future returns.
Adrian Hempel [Atlassian]
added a comment - Thanks for the suggestion.
I'm concerned that doing this would only provide the appearance of security, rather than actual security. Providing a false sense of security can be worse than no security at all.
Bamboo needs the cleartext password to send to the database, so we'd have to use reversible encryption, rather than the kind of one-way hash function that is typically used to protect password files. The decryption algorithm would be freely available, as it would be in the Bamboo code, which is available to anyone. So, anyone with access to the file and basic Java skills would be able to decrypt your password without too much difficulty.
Instead, you should protect your Bamboo installation with appropriate file system permissions. This is prudent in any case, as your Bamboo home directory will also contain sensitive data.
Adrian Hempel [Atlassian]
added a comment - Thanks for the suggestion.
I'm concerned that doing this would only provide the appearance of security, rather than actual security. Providing a false sense of security can be worse than no security at all.
Bamboo needs the cleartext password to send to the database, so we'd have to use reversible encryption, rather than the kind of one-way hash function that is typically used to protect password files. The decryption algorithm would be freely available, as it would be in the Bamboo code, which is available to anyone. So, anyone with access to the file and basic Java skills would be able to decrypt your password without too much difficulty.
Instead, you should protect your Bamboo installation with appropriate file system permissions. This is prudent in any case, as your Bamboo home directory will also contain sensitive data. 
The only way to secure that password is to use a datasource and put the password on the datasource side. Anything else will not increase security.