search

getsentry / sentry

Developer-first error tracking and performance monitoring
https://sentry.io
Other
38.59k stars 4.13k forks source link

[JIRA] plugin store credentials in base64 #15718

Open mbarbey opened 5 years ago

mbarbey commented 5 years ago

When registering a JIRA instance in a project, the information and credentials are stored in plain base64 in the database, which mean that anybody able to connect to the database or read the dumps can log into the JIRA instance with the account of the linked user (which can be catastrophic depending the user's permissions).

I would suggest encoding these data in openssl aes256-cbc or any securized way to store sensitive data.

github-actions[bot] commented 3 years ago

This issue has gone three weeks without activity. In another week, I will close it.

But! If you comment or otherwise update it, I will reset the clock, and if you label it Status: Accepted, I will leave it alone ... forever!

"A weed is but an unloved flower." ― Ella Wheeler Wilcox 🥀

BYK commented 3 years ago

@mbarbey sorry this got stale. I'm thinking about how to fix this but can't really find a good solution as even if we encrypt the credentials, we'd still need to make the key available to the app to decrypt on-demand which defeats the purpose.

Am I missing something here?

mbarbey commented 3 years ago

@BYK I wasn't thinking about a sophisticated solution. The issue here is about the fact that by simply having access to the database you can get the credentials of a Jira administrator. And we all know well how frequently databases tend to be dumped and published on the web due to security issues somewhere else on websites or servers. And having plain credentials of an administrator directly in the dumps clearly isn't an optimal situation.

I see 2 possible solutions, one very easy and one easy :

1. very easy

Simply generating a random key at the installation, storing it in a file somewhere in the project, and using this key to encrypt the credentials before storing it in the database. This way, if someone want to get the Jira admin credentials, you need both access to the database and the host machine, which can be 2 differents systems.

2. easy

Same thing as the 1st option, but the file containing the encryption key is stored somewhere on the OS where the access is limited by users (like the .ssh directory on linux). It would probably be differents paths depending the OS so it might be a little more difficult than the 1st option, but not too much. And with this option, if you want to find the credentials, you need both access to the database, the hosting machine and logging as the user Sentry is using.

And in both case, when migrating data to a new server, you will need to copy the security file to the new server or reconfigure the Jira plugin.

What do you think about it ?