os.encryption hash?

Hi,

I'm trying to pass my credential with os_username and os_password. However I did not find a way to secure my password. https://developer.atlassian.com/display/CONFDEV/Password+Hash+Algorithm does not seems to work for me.

How I can ensure security using a connection string like os_username=myuser&os_password=mypassword.

I'm getting these value from a kerberized Apache and point the login.url of seraph-config to my apache.

Thanks

1 answer

1 accepted

Hi Mike,
Depends on what you're trying to secure.

If you just don't want your uname password to show up in the access logs, you can do something like:

francois:curl twong$ curl --basic --user admin:admin 'http://localhost:8080/login.jsp?os_destination=%2Fsecure%2FDashboard.jspa&amp;os_authType=basic'

That is, you can use os_authType=basic to move the os_username/password stuff to normal basic auth.

If you are trying to secure the transport, then use https for the TLS. If you're talking about plaintext passwords in the code, that's a different ballgame.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

I just did something easier.. Moved my request to POST instead of GET .... Works like a charm .. And yeah, I'm using SSL encryption as well.

Now I'm having my Apache doing a kerberos authentication and FW credentials to tomcat :)

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Suggest an answer

Confluence

Products

Interests

Groups

Community resources

Support

os.encryption hash?

1 answer

1 accepted

Suggest an answer

Kesha Thillainayagam

Why start from scratch? Introducing four new templates for Confluence Cloud

Atlassian User Groups

Find my local user group

Groups near you