os.encryption hash?

Mike Feb 06, 2013

Hi,

I'm trying to pass my credential with os_username and os_password. However I did not find a way to secure my password. https://developer.atlassian.com/display/CONFDEV/Password+Hash+Algorithm does not seems to work for me.

How I can ensure security using a connection string like os_username=myuser&os_password=mypassword.

I'm getting these value from a kerberized Apache and point the login.url of seraph-config to my apache.

Thanks

1 answer

1 accepted

1 vote

Tim Wong Feb 07, 2013

Hi Mike,
Depends on what you're trying to secure.

If you just don't want your uname password to show up in the access logs, you can do something like:

francois:curl twong$ curl --basic --user admin:admin 'http://localhost:8080/login.jsp?os_destination=%2Fsecure%2FDashboard.jspa&amp;os_authType=basic'

That is, you can use os_authType=basic to move the os_username/password stuff to normal basic auth.

If you are trying to secure the transport, then use https for the TLS. If you're talking about plaintext passwords in the code, that's a different ballgame.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Mike Feb 07, 2013

I just did something easier.. Moved my request to POST instead of GET .... Works like a charm .. And yeah, I'm using SSL encryption as well.

Now I'm having my Apache doing a kerberos authentication and FW credentials to tomcat :)

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Suggest an answer

Confluence

Products

Interests

Community resources

Support

os.encryption hash?

1 answer

1 accepted

Suggest an answer

Happy Anniversary, Atlassian Community!

Kesha Thillainayagam

We want to hear how your non-technical teams are using Confluence!

Atlassian User Groups

Find my local user group

Groups near you