Uploaded image for project: 'Crowd Data Center'
  1. Crowd Data Center
  2. CWD-3637

Remove the Plaintext password encoder

    XMLWordPrintable

Details

    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

    Description

      Use of the plaintext password encoder introduces a security risk in the case of system compromise – one of the hashed, salted schemes (such as the default ATLASSIAN-SECURITY) should be used in any production environment.

      However, although it's not the default, having it present as an option creates the risk that it will be used: it would be safer to remove it entirely.

      Attachments

        Activity

          People

            Unassigned Unassigned
            dblack David Black
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated: