Uploaded image for project: 'Jira Data Center'
  1. Jira Data Center
  2. JRASERVER-10600

DON'T SEND PASSWORDS OVER THE INTERNET IN PLAIN TEXT!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

XMLWordPrintable

    • We collect Jira feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

      I signed up for an account at jira.atlassian.com and my password was emailed to me in plain text. Passwords should never be handled this way. A password should be hashed with md5 or another function and the hash of the password stored. When the user logs in the password he gives is then hashed with the same function and the hashes are compared. This way, if the database is compromised, your user's passwords are not. Emailing passwords should NEVER be done. Emails are routinely archived in many US businesses (our government thinks its a good idea) and reviewed by people who do not have, for example, my access level. By emailing my password, you may have given a DBA access to non-public information which they are not authorized to have.

              Unassigned Unassigned
              5465321cf952 Andrew Dixon
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: