Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

How to disable page preview on permission request?

sameoldmadness
sameoldmadness August 31, 2015

I've created a page with restricted access.

When someone requests permissions to this page, I revieve an email with a preview of this page.

The page has restricted access for a reason — it contains sensitive data. It's highliy undesirable to leak that data into email account.

I consider this a security issue.

Answer
Watch
Like Be the first to like this
394 views

2 answers

0 votes
Justice McCullum
Justice McCullum September 30, 2015

Hi Roman, first of all thanks for the feedback mate. smile 
Would you mind creating a feature request ticket so we can have others voting on and discussing this issue? https://jira.atlassian.com/secure/CreateIssue!default.jspa 

Reply
0 votes
Nic Brough -Adaptavist-
Nic Brough -Adaptavist-
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
August 31, 2015

That's not a security issue, you have the right to see the page already.

View More Comments
sameoldmadness
sameoldmadness August 31, 2015

My confluence account, not the gmail one. If I trust Atlassian, that does not mean I trust Google.

Like
Nic Brough -Adaptavist-
Nic Brough -Adaptavist-
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
August 31, 2015

If you don't trust google for your email, that's fine. You'll need to use an email address you do trust instead. It's not Confluence's fault that you have chosen an email you don't trust.

Like
Nic Brough -Adaptavist-
Nic Brough -Adaptavist-
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
August 31, 2015

Sorry, I should also have said that if you must do this because you've got insecure email accounts, you will need to hack the core code that builds the email.

Like
sameoldmadness
sameoldmadness August 31, 2015

No, that is not fine, because the data is already shared with third party. Without my explicit permission, as far as I can see. The trust issue is not the only one, it's also about expectations. I may intentionally use that mailbox for insensitive data only so I could read it in public places.

Like
Nic Brough -Adaptavist-
Nic Brough -Adaptavist-
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
August 31, 2015

Ok, so it's not fine. So stop using insecure email accounts - if you believed them to be insecure, then you shouldn't have used them in the first place.

Like
Reply

Suggest an answer

Log in or Sign up to answer
Confluence
Confluence
TAGS
AUG Leaders

Atlassian Community Events

    See all events