Uploaded image for project: 'Crowd'
  1. Crowd
  2. CWD-3637

Remove the Plaintext password encoder

    XMLWordPrintable

    Details

    • Feedback Policy:

      Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

      Description

      Use of the plaintext password encoder introduces a security risk in the case of system compromise – one of the hashed, salted schemes (such as the default ATLASSIAN-SECURITY) should be used in any production environment.

      However, although it's not the default, having it present as an option creates the risk that it will be used: it would be safer to remove it entirely.

        Attachments

          Activity

            People

            Assignee:
            Unassigned
            Reporter:
            dblack David Black
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Dates

              Created:
              Updated: