• Suggestion
    • Resolution: Unresolved
    • None
    • Crowd
    • 1

      Like many other Atlassian tools, Bitbucket should support configuring the crowd directory from the crowd.properties file.

      Currently, it seems that all of the crowd directory configuration is stored in the database and can only be configured with the Administrator UI.

      Would also like to note that the password is stored in plain-text in the database – which is just bad practice.. tsk tsk

      Please consider adding support for the crowd.properties file for added consistency of configuration across the suite of tools.

       

      https://confluence.atlassian.com/crowd/the-crowd-properties-file-98665664.html

            [BSERV-9453] Add support for crowd.properties configuration

            Roger Barnes (Inactive) added a comment - Thanks mlalpho, that's a reasonable rationale.

            Michael Alphonso added a comment - It's all about balancing risk... imagine a SQLi technique got out this year. Storing on the file system minimizes risk. You could also store encrypted in the database and store a key in the file system. Although that has slightly more CPU overhead.
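
            The option raised in the comment above (ciphertext in the database, key on the file system), sketched as an added example that is not from this issue or from Bitbucket's code. The class name, key-file name and row id are hypothetical, and a POSIX file system and Java 11+ are assumed; a database-only disclosure then yields the column value but not the key needed to decrypt it.

```java
import java.nio.file.*;
import java.nio.file.attribute.PosixFilePermissions;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.spec.*;
import static java.nio.charset.StandardCharsets.UTF_8;

public class DirectorySecretStore {   // hypothetical class, not Bitbucket code
    private static final SecureRandom RNG = new SecureRandom();
    private final SecretKeySpec key;
    // Load (or create on first run) a 256-bit key in a file only the service account can read.
    DirectorySecretStore(Path keyFile) throws Exception {
        if (Files.notExists(keyFile)) {
            byte[] fresh = new byte[32];
            RNG.nextBytes(fresh);
            Files.write(Files.createFile(keyFile, PosixFilePermissions.asFileAttribute(
                    PosixFilePermissions.fromString("rw-------"))), fresh);
        }
        key = new SecretKeySpec(Files.readAllBytes(keyFile), "AES");
    }

    // AES-GCM bound to the row id, so a value copied onto another row fails authentication.
    private Cipher cipher(int mode, byte[] nonce, String rowId) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(mode, key, new GCMParameterSpec(128, nonce));
        c.updateAAD(rowId.getBytes(UTF_8));
        return c;
    }

    // Value written to the database column: base64(nonce) ":" base64(ciphertext || tag).
    String seal(String rowId, String password) throws Exception {
        byte[] nonce = new byte[12];
        RNG.nextBytes(nonce);         // fresh random nonce for every encryption
        byte[] ct = cipher(Cipher.ENCRYPT_MODE, nonce, rowId).doFinal(password.getBytes(UTF_8));
        return Base64.getEncoder().encodeToString(nonce) + ":" + Base64.getEncoder().encodeToString(ct);
    }

    String open(String rowId, String stored) throws Exception {
        String[] parts = stored.split(":");
        Cipher c = cipher(Cipher.DECRYPT_MODE, Base64.getDecoder().decode(parts[0]), rowId);
        return new String(c.doFinal(Base64.getDecoder().decode(parts[1])), UTF_8);
    }

    public static void main(String[] args) throws Exception {
        var store = new DirectorySecretStore(Files.createTempDirectory("demo").resolve("directory.key"));
        String column = store.seal("directory:1", "constructed-sample-password");  // constructed value
        System.out.println("database column: " + column + "\nwith key file: " + store.open("directory:1", column));
    }
}
```

            The key file is still plaintext on disk, so this only helps against disclosure paths that reach the database but not the application host's file system.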

            Roger Barnes (Inactive) added a comment - Thanks for the suggestion mlalpho. Regarding the password storage, I'm interested in what you believe good practice to be. If we encrypt in database, then another key still has to be stored somewhere in plaintext.

              Unassigned
              Michael Alphonso
              Votes: 0
              Watchers: 2