Our company have JIRA, Confluence and Fisheye. All applications are located in intranet. Users cannot access outside office.
It seems to me it is not necessary to apply for a SSL cert and install.
The only problem I can see is, when user using Confluence to open an office document (e.g. word, excel) it prompt for "Access to this web server is disabled by default because it is controlled by basic authentication and does not use SSL....". This problem can be resolved by change registry (https://confluence.atlassian.com/confkb/unable-to-edit-files-in-office-due-to-ssl-not-being-enabled-598213057.html)
What do you think? I understand https should give better security. However, from an admin's view, is it worth the trouble?
SSL should really be used for anything a human might put data into. Plain text http is only suitable for read-only sites or isolated networks with no wireless devices.
I had a Jira and Confluence installation in intranet without ssl. I worked just fine. It all depends on your security guidelines. But we used SSO, so that any user could not get the password of other users. I think it is the most important problem. If you use basic authentication and you do not have ssl, then passwords of users can be intercepted.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.