How are users and passwords stored in the Jira Internal Directory
プラットフォームについて: Server と Data Center のみ - この記事は、サーバーおよびデータセンター プラットフォームのアトラシアン製品にのみ適用されます。
It may be a requirement for auditors or administrators to understand how usernames and passwords are stored within Jira's database. This article discusses the method used when users are stored in Jira's Internal Directory.
- Users are stored in the cwd_user table of Jira's database.
- Passwords are stored in the Credential column of the table and are hashed.
- Jira uses a password encoder called atlassian-security which is a wrapper around Bouncy Castle's implementation of PKCS #5 v2.0 (aka PBKDF2) utilizing a random 16-byte salt and 10,000 iterations, which results in a 256-bit hash.
- This salted PKCS5S2 implementation is provided by Embedded Crowd. You may read this community post on password security from one of our Crowd developers for more details.