Loading...

XML

Word

Printable

Type: Suggestion
Resolution: Fixed
Fix Version/s: 9.1.0
Component/s: Security
Labels:

UIS:
17
Support reference count:
23
Feedback Policy:

We collect Confluence feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

Problem

Passwords are not encrypted in the following file:

confluence-mail.cfg.xml
confluence.cfg.xml
catalina.properties
server.xml
other files that contain password

Suggested solution

Resolve an encryption scheme for anything requiring security stored on the file system.

Atlassian Update - 2024-10-08

Hi everyone,

Thanks for your interest in this suggestion. I'm pleased to let you know that we have released default password encryption for Confluence in version 9.1.

Further information on this can be found in our release notes, and here.

Kind regards,

Michael Andreacchio
Confluence Data Center Product Management

is duplicated by

CONFSERVER-8547 Encrypt all passwords stored on the file system

Closed

CONFSERVER-57946 Encrypt all passwords stored on the file system

Closed

CONFSERVER-60073 Password for database inside Confluence.cfg.xml is not encrypted

Closed

is related to

JRASERVER-31004 Encrypt database password in dbconfig.xml

Closed

relates to

CONFSERVER-31605 LDAP and Active Directory credentials are stored in plain text in database

Closed

CONFSERVER-7440 kerberos authentication support in Confluence for LDAP

Closed

CONFSERVER-11496 Advanced password management

Closed

CWD-4071 Encrypt Database Password in crowd.cfg.xml or use integrated authentication

Closed

CONFCLOUD-2146 Encrypt all passwords stored on the file system

Gathering Interest

CONFSERVER-60024 Automatic password rotation for AWS Secrets Manager

Gathering Interest

CONFSERVER-78567 Ability to Encrypt or obfuscate the plain text password in server.xml

Gathering Interest

CONFSERVER-98153 Password aging, expiry, and rotation for improved password management

Gathering Interest

CONFSERVER-29534 Passwords of configured SMTP mail accounts are stored in cleartext

Under Consideration

ANTM-638 Loading...

JOT-56 Loading...

is action for: VULN-359557 Loading...

mentioned in: Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...

(10 relates to, 1 is action for, 58 mentioned in)

Assignee:: Michael Andreacchio

Reporter:: Nick Faiz [OLD] (Inactive)

Votes:: 195 Vote for this issue

Watchers:: 149 Start watching this issue

Created:: 14/Nov/2004 11:03 PM

Updated:: 22 hours ago

Resolved:: 08/Oct/2024 2:19 AM

Details

Description

Problem

Suggested solution

Attachments

Issue Links

Forms

Activity

People

Dates