Is there any way to password protect a page?

Our wiki is already broken down so that different user accounts have different roles and access, but in the interest of provide redundent protection for especially sensitive data, is there any way you can password protect a specific page? We're getting by by using password protected excel documents and attaching them, but that's hardly ideal.

Thanks,

Kyle

7 answers

This widget could not be displayed.

its possible if you code directly on the page(s) you want to protect. if the pages are scripts e.g. index.php, index.asp etc you can hardcode the password, so here we go in php )....Indentify the page u want to protect ususlly index.php (but if its not explicity shown e.g. http://index.php/products this means "products" is a folder that contains another index.php Modify the index.php by a few line of code using a good editor,, Dreamweaver is my favourite,, but a plain text editor can do.

Put the javascript code above the <head> tag

<script>
function validatex(pwd){
var password=prompt("Enter a password please","password");
if (password!=null && password!="")
{ //check password
if (password==pwd){
//PROCEED
alert ("correct password was entered!");
}
else{
alert("Wrong password entered!");
location.reload();
}
} //else password is invalid
else{
alert("Invalid pasword entered, please try again!");
location.reload();
}
}
</script>


Then add PHP code immediately below <body> tag as follows


<?php
echo "<script> validatex('abcd')</script>";//PREFERRED PASSWORD IS 'abcd'
?>

That won't work for Confluence, it's not php.

Also, you should never do security with javascript, as the user can simply bypass it.

This widget could not be displayed.

i dont kno about Confluence

heres another way i did it

i put the javascript where it belongs,,withinm the <script> tags

<script>

function hideObject(idx){
document.getElementById(idx).style.display = "none";
//document.getElementById(idx).style.visibility = 'hidden';
}

</script>

Then the form for password objects below the <body> tag

<form action="" method="post">
<label id="passwordlabel">Password</label>
<input type="text" name="password" id="password" />
<br />
<input type="submit" name="submitpassword" id="submitpassword" value="Submit" />
</form>

and follow with PHP code below the form,, anything below PHP code will not load if the password is incorrect

<?php
if (isset($_POST['submitpassword'])){
if ($_POST['password']== "abcd"){//PREFEREED PASSOWRD IS 'abcd'
//PROOCEED WITH PAGE DISPLAY and hide password objects
echo "<script> hideObject('passwordlabel');</script>";
echo "<script> hideObject('password');</script>";
echo "<script> hideObject('submitpassword');</script>";
}else{
//terminate page
exit;
}
}else{
//terminate page
exit;
}
?>

What's with the PHP again? Do you use Confluence? If you don't know about Atlassian tools, why are you answering questions about something you know nothing about?

Oh, common Matt. PHP IS THE ANSWER TO EVERYTHING, not that old fashioned 42.

This widget could not be displayed.

Yes the issue of security is important,,

by sniffing binary data coming in during load he can hack the password i think

for an enclosed intranet its secure enough i think. but your point is taken

i think its better to use a database stored password and do the checking within PHP code

thanks

Javascript is utterly insecure. It's run by the *browser*, the user can simply press ctrl-u to expose it and even the most simple debugger can bypass it.

There's no need to sniff at all, you can simply walk straight around it.

And, again, your answer misses one major point - Confluence is NOT php.

This widget could not be displayed.

The original question didnt mention Confluence and so i guess i can answer in the way I know best. Kind regards;

Er, this is an Atlassian forum, so it implies the use of at least one of the Atlassian suite. It also says "confluence" in the tags.

There's lots of clues here that it's not php based (and javascript still won't work)

This widget could not be displayed.

Hi Kyle,

I'm afraid this is not possible, but that's an interesting idea. You can consider raising a feature request at href="https://jira.atlassian.com%20">https://jira.atlassian.com regarding this matter.

For now, you can work with Page restrictions in order to allow only certain users/groups to view an specific page.

Cheers

This widget could not be displayed.

Hi,

Take a look at Customware's Security and Encryption Plugin. It uses PGP to encrypt some content and adds an additional level of page protection.

It is not very userfriendly (eg. no autocomplete) and not well integrated (encrypted content is stored separately and not with the page). But if you really need this level of protection you probably can live with it.

Be sure to use the latest version if your confluence is running on Java 7!

- Steffen

This widget could not be displayed.

I'm guessing from yoru question that a lot of users have admin access that shouldn't? Even if you could easily password protect a page, you'd only be putting a band-aid on the problem. Anyone who has access to the server of the database can bypass the page level security provided by Confluence. It's a problem we've had with Confluence in that you can't use it to securely store passwords (haven't tried Customware/Service Rocket's plugin).

I'd tackle the problem of your user access levels as it will only come back again & again.

One solution we use is to store password files on restricted network shares and link to them from the confluence page.

Suggest an answer

Log in or Sign up to answer
Community showcase
Posted Monday in Confluence

Why start from scratch? Introducing four new templates for Confluence Cloud

Hi my Community friends!  For those who don't know me, I'm a product marketer on the Confluence Cloud team - nice to meet you! For those of you who do, you know that I've been all up in your Co...

516 views 7 6
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you