Is there any way to password protect a page?

Our wiki is already broken down so that different user accounts have different roles and access, but in the interest of provide redundent protection for especially sensitive data, is there any way you can password protect a specific page? We're getting by by using password protected excel documents and attaching them, but that's hardly ideal.

Thanks,

Kyle

7 answers

its possible if you code directly on the page(s) you want to protect. if the pages are scripts e.g. index.php, index.asp etc you can hardcode the password, so here we go in php )....Indentify the page u want to protect ususlly index.php (but if its not explicity shown e.g. http://index.php/products this means "products" is a folder that contains another index.php Modify the index.php by a few line of code using a good editor,, Dreamweaver is my favourite,, but a plain text editor can do.

Put the javascript code above the <head> tag

<script>
function validatex(pwd){
var password=prompt("Enter a password please","password");
if (password!=null && password!="")
{ //check password
if (password==pwd){
//PROCEED
alert ("correct password was entered!");
}
else{
alert("Wrong password entered!");
location.reload();
}
} //else password is invalid
else{
alert("Invalid pasword entered, please try again!");
location.reload();
}
}
</script>


Then add PHP code immediately below <body> tag as follows


<?php
echo "<script> validatex('abcd')</script>";//PREFERRED PASSWORD IS 'abcd'
?>

That won't work for Confluence, it's not php.

Also, you should never do security with javascript, as the user can simply bypass it.

i dont kno about Confluence

heres another way i did it

i put the javascript where it belongs,,withinm the <script> tags

<script>

function hideObject(idx){
document.getElementById(idx).style.display = "none";
//document.getElementById(idx).style.visibility = 'hidden';
}

</script>

Then the form for password objects below the <body> tag

<form action="" method="post">
<label id="passwordlabel">Password</label>
<input type="text" name="password" id="password" />
<br />
<input type="submit" name="submitpassword" id="submitpassword" value="Submit" />
</form>

and follow with PHP code below the form,, anything below PHP code will not load if the password is incorrect

<?php
if (isset($_POST['submitpassword'])){
if ($_POST['password']== "abcd"){//PREFEREED PASSOWRD IS 'abcd'
//PROOCEED WITH PAGE DISPLAY and hide password objects
echo "<script> hideObject('passwordlabel');</script>";
echo "<script> hideObject('password');</script>";
echo "<script> hideObject('submitpassword');</script>";
}else{
//terminate page
exit;
}
}else{
//terminate page
exit;
}
?>

What's with the PHP again? Do you use Confluence? If you don't know about Atlassian tools, why are you answering questions about something you know nothing about?

Oh, common Matt. PHP IS THE ANSWER TO EVERYTHING, not that old fashioned 42.

Yes the issue of security is important,,

by sniffing binary data coming in during load he can hack the password i think

for an enclosed intranet its secure enough i think. but your point is taken

i think its better to use a database stored password and do the checking within PHP code

thanks

Javascript is utterly insecure. It's run by the *browser*, the user can simply press ctrl-u to expose it and even the most simple debugger can bypass it.

There's no need to sniff at all, you can simply walk straight around it.

And, again, your answer misses one major point - Confluence is NOT php.

The original question didnt mention Confluence and so i guess i can answer in the way I know best. Kind regards;

Er, this is an Atlassian forum, so it implies the use of at least one of the Atlassian suite. It also says "confluence" in the tags.

There's lots of clues here that it's not php based (and javascript still won't work)

Hi Kyle,

I'm afraid this is not possible, but that's an interesting idea. You can consider raising a feature request at href="https://jira.atlassian.com%20">https://jira.atlassian.com regarding this matter.

For now, you can work with Page restrictions in order to allow only certain users/groups to view an specific page.

Cheers

Hi,

Take a look at Customware's Security and Encryption Plugin. It uses PGP to encrypt some content and adds an additional level of page protection.

It is not very userfriendly (eg. no autocomplete) and not well integrated (encrypted content is stored separately and not with the page). But if you really need this level of protection you probably can live with it.

Be sure to use the latest version if your confluence is running on Java 7!

- Steffen

I'm guessing from yoru question that a lot of users have admin access that shouldn't? Even if you could easily password protect a page, you'd only be putting a band-aid on the problem. Anyone who has access to the server of the database can bypass the page level security provided by Confluence. It's a problem we've had with Confluence in that you can't use it to securely store passwords (haven't tried Customware/Service Rocket's plugin).

I'd tackle the problem of your user access levels as it will only come back again & again.

One solution we use is to store password files on restricted network shares and link to them from the confluence page.

Suggest an answer

Log in or Sign up to answer
Atlassian Community Anniversary

Happy Anniversary, Atlassian Community!

This community is celebrating its one-year anniversary and Atlassian co-founder Mike Cannon-Brookes has all the feels.

Read more
Community showcase
Kesha Thillainayagam
Posted Apr 13, 2018 in Confluence

We want to hear how your non-technical teams are using Confluence!

Hi Community! Kesha (kay-sha) from the Confluence marketing team here! Can you share stories with us on how your non-technical (think Marketing, Sales, HR, legal, etc.) teams are using Confluen...

2,782 views 26 10
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you