Details
-
Bug
-
Resolution: Fixed
-
Low
-
4.4, 5.0, 5.1, 5.2-m04
-
None
-
4.04
-
Description
When a user logins or fails to login JIRA updates a number of attributes that are stored in the CWD_USER_ATTRIBUTES table. Because of the SPI contract multiple values may be stored against any attribute and JIRA handles this situation by deleting all the values associated with this user_id attribute_name pair and then inserting the new values.
This behaviour is very poorly handled by postgresql. This behaviour is greatly exacerbated by bots which may use basic auth and authenticate with each incoming request, resulting in thousands of logins for the same user per day.
Attachments
Issue Links
- was cloned as
-
JRASERVER-29682 The JIRA implementation used to store login details is not thread safe.
- Closed
- is related to
-
JRADEV-11734 Loading...