Uploaded image for project: 'Crowd'
  1. Crowd
  2. CWD-1876

Encrypt all external system passwords in Crowd's database

    XMLWordPrintable

    Details

    • Type: Suggestion
    • Status: Under Consideration (View Workflow)
    • Resolution: Unresolved
    • Fix Version/s: None
    • Component/s: None
    • Labels:
    • Feedback Policy:

      Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

      Description

       

      Atlassian Update

      Hi everyone.

      We're always looking to make sure we're addressing highly-voted feature requests such as this one when feasible.

      However, we do not have current plans to work on the implementation of encrypting external system passwords in Crowd's database.

      The main reason for this is that we believe there is no solution that would fully resolve this issue in a secure manner and all known implementations would only give you a false sense of security.
      Moreover, introducing database passwords encryption would complicate current functionalities in Crowd, such as backup and restore.

      We understand that this will be a disappointment for many, but we remain committed to user-requested features. Please keep the feedback coming!

      Best Regards,
      Marcin Kempa

      mkempa@atlassian.com

       

      Anywhere that a password is stored in plaintext in Crowd's database, it should be encrypted. This will not stop a knowledgeable attacker, but may slow them down.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned
              Reporter:
              doflynn David O'Flynn [Atlassian]
              Votes:
              52 Vote for this issue
              Watchers:
              49 Start watching this issue

                Dates

                Created:
                Updated: