Hey, recently we have experienced a small issue which triggered a discussion about the kind of data stored in a JIRA Database. Since then I have performed a small investigation and this is what I found:
1) Application Links using OAuth authentication - I have noticed that JIRA stores OAuth tokens for each user that used an Application Link. What is the expiration time of these tokens? Can I revoke them somehow?
2) Remember My Login tokens - is it safe to simply clear them all? What are the side-effects of such operation? Can they be abused somehow?
Is there anything else that JIRA stores in the DB that might be abused in some way?
@K M Welcome to community.
1) The tokens expire as specified in the "oauth_expires_in" parameter when you get the access token. For example, on a default configured JIRA instance on Atlassian's server is 157680000 (which is 5 years)
2) Yes you can clear them. When they are cleared individuals will have to login to the application again from the browser where the token was stored. If the individual does not lock their computer someone could potentially access Jira without logging in.
None of the information in the DB is encrypted so if a hacker compromised your DB server they would be able to access the data. If you have concerns about this you might look at this app. https://marketplace.atlassian.com/apps/1215791/encryption-for-jira?hosting=server&tab=overview
Jira is a great tool to use across different departments. Forget that paperwork – switch to Jira and get that tasks done smoothly. Marketing Jira allows for a complete digital transformation of you...
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events