Why is the Stash database password in plaintext?

Jen Connor January 27, 2014

Is there a way to hash the password for the stash database password? I was looking up how to change the password here: https://confluence.atlassian.com/display/STASH029/How+do+I+change+the+external+database+passwordand I realized our external database password was being stored in plaintext. Is this going to be changed in the future? I know we can chmod 700 on the directories so that only the jira service account can see the files, but our security team isn't happy that our possible production database password can be seen.

1 answer

1 accepted

2 votes
Answer accepted
cofarrell
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
January 28, 2014

Hi Jen,

I'm curious how Stash would be able to connect to the database with a hashed password? The best you can do is encode it somehow, but anyone that gains access to the file will most likely be able to decode it again.

I'm assuming the password is for a Stash specific user in the database, that doesn't have access to anything else.

In any case I'm afraid we don't support non-plaintext passwords currently. chmoding the file is a good idea. Feel free to raise a feature request if you like.

Charles

cofarrell
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
January 28, 2014
Jen Connor January 30, 2014

Hi Charles,

Thank you for linking that ticket. That is exactly the issue I was concerned with. I have set permissions on the folder for access by the stash admin for now. I'll make sure to keep track to that ticket to see where it is going.

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events