Uploaded image for project: 'Bamboo Data Center'
  1. Bamboo Data Center
  2. BAM-2670

Don't store the database password in cleartext in bamboo.cfg.xml

    • Icon: Suggestion Suggestion
    • Resolution: Done
    • None
    • Security
    • None
    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

      The database password is currently stored in cleartext in bamboo.cfg.xml. Can we get at least some optional level of obfuscation of this password?

            [BAM-2670] Don't store the database password in cleartext in bamboo.cfg.xml

            The only way to secure that password is to use a datasource and put the password on the datasource side. Anything else will not increase security.

            Przemek Bruski added a comment - The only way to secure that password is to use a datasource and put the password on the datasource side. Anything else will not increase security.

            Kirk Wylie added a comment -

            Definitely agreed with that, and in fact we're not even going to be
            using that configuration (we'll be using a data source for controlled
            password access). This was just a quick thing that I found that many
            people might not initially realize, that the bamboo configuration file
            has a cleartext database password. It might be preferrable to just
            document the security implications on this.


            This message may contain confidential, proprietary, or legally privileged information. No confidentiality or privilege is waived by any transmission to an unintended recipient. If you are not an intended recipient, please notify the sender and delete this message immediately. Any views expressed in this message are those of the sender, not those of any entity within the KBC Financial Products group of companies (together referred to as "KBC FP").

            This message does not create any obligation, contractual or otherwise, on the part of KBC FP. It is not an offer (or solicitation of an offer) of, or a recommendation to buy or sell, any financial product. Any prices or other values included in this message are indicative only, and do not necessarily represent current market prices, prices at which KBC FP would enter into a transaction, or prices at which similar transactions may be carried on KBC FP's own books. The information contained in this message is provided "as is", without representations or warranties, express or implied, of any kind. Past performance is not indicative of future returns.

            Kirk Wylie added a comment - Definitely agreed with that, and in fact we're not even going to be using that configuration (we'll be using a data source for controlled password access). This was just a quick thing that I found that many people might not initially realize, that the bamboo configuration file has a cleartext database password. It might be preferrable to just document the security implications on this. – This message may contain confidential, proprietary, or legally privileged information. No confidentiality or privilege is waived by any transmission to an unintended recipient. If you are not an intended recipient, please notify the sender and delete this message immediately. Any views expressed in this message are those of the sender, not those of any entity within the KBC Financial Products group of companies (together referred to as "KBC FP"). This message does not create any obligation, contractual or otherwise, on the part of KBC FP. It is not an offer (or solicitation of an offer) of, or a recommendation to buy or sell, any financial product. Any prices or other values included in this message are indicative only, and do not necessarily represent current market prices, prices at which KBC FP would enter into a transaction, or prices at which similar transactions may be carried on KBC FP's own books. The information contained in this message is provided "as is", without representations or warranties, express or implied, of any kind. Past performance is not indicative of future returns.

            Thanks for the suggestion.

            I'm concerned that doing this would only provide the appearance of security, rather than actual security. Providing a false sense of security can be worse than no security at all.

            Bamboo needs the cleartext password to send to the database, so we'd have to use reversible encryption, rather than the kind of one-way hash function that is typically used to protect password files. The decryption algorithm would be freely available, as it would be in the Bamboo code, which is available to anyone. So, anyone with access to the file and basic Java skills would be able to decrypt your password without too much difficulty.

            Instead, you should protect your Bamboo installation with appropriate file system permissions. This is prudent in any case, as your Bamboo home directory will also contain sensitive data.

            Adrian Hempel [Atlassian] added a comment - Thanks for the suggestion. I'm concerned that doing this would only provide the appearance of security, rather than actual security. Providing a false sense of security can be worse than no security at all. Bamboo needs the cleartext password to send to the database, so we'd have to use reversible encryption, rather than the kind of one-way hash function that is typically used to protect password files. The decryption algorithm would be freely available, as it would be in the Bamboo code, which is available to anyone. So, anyone with access to the file and basic Java skills would be able to decrypt your password without too much difficulty. Instead, you should protect your Bamboo installation with appropriate file system permissions. This is prudent in any case, as your Bamboo home directory will also contain sensitive data.

              pbruski Przemek Bruski
              aca233f59075 Kirk Wylie
              Votes:
              3 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: