Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

About Database custom field, crypt password of DB Connection

j
j August 21, 2014

Is there a way to encrypt the password of a connection in context.xml file?

Answer
Watch
Like Be the first to like this
214 views

1 answer

0 votes
Silviu Burcea
Silviu Burcea
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
September 25, 2014

Hi,

 

This is already answered here: http://bugs.kepler.ro/browse/DBCF-119. In short, it is not possible, and if someone has access to the context.xml file, you have bigger security issues.

It is possible to encrypt the password, but you will have to write a custom factory that will decrypt the password on the Tomcat's side, but again, if an attacker has access to your Tomcat, he can decompile your factory class to access the actual db password.

 

To sum up, restrict the access to your Tomcat/JIRA instance, it's far easier, cleaner and safer way to secure your system.

 

Best regards,

Silviu

Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira Software
TAGS
AUG Leaders

Atlassian Community Events

    See all events