Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Encrypt URL when creating an issue via URL

Christian Larss1
Christian Larsson
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
October 26, 2011

Is it possible to encrypt the information in the URL when creating an issue on the form http://jira.atlassian.com/secure/CreateIssueDetails.jspa?pid=10420&issuetype=1&customfield_10010=hooray&os_username=test&os_password=testPass

I'm most worried about the username and password beeing sumbmitted in plain text, it would feel much better if I could use a hash function on them before sumbitting.

Answer
Watch
Like Be the first to like this
618 views

3 answers

0 votes
Kinto Soft
Kinto Soft
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
October 26, 2011

This migh also be useful for you:

http://www.jcryption.org/

Reply
0 votes
Kinto Soft
Kinto Soft
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
October 26, 2011

There is a way to do it (I use following method in my plugin):

1. Build a JIRA plugin

2. The plugin creates a certificate (public & private keys) by using Java at the server side

3. Include an invisible Flash Player in the JIRA plugin and load it into the web page

4. The Flash Player downloads the PUBLIC key from the server

5. Call the Flash Player to ecncrypt data by using Javascript

6. Pass encrypted data to the server and decrypt them by using the PRIVATE certificate.

Reply
0 votes
JamieA
JamieA
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
October 26, 2011

If you're worried about security then don't pass the credentials as parameters. What context is this form being used in, are you embedding it in some other app for instance?

For a start you could use http post rather than get, then consider some form of SSO.

View More Comments
Christian Larss1
Christian Larsson
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
October 26, 2011

The url is generated from our application to assist the user when creating a bug report in Jira. The application helps the user with filling in information like version info etc, then the user has to fill in specific information about the bug before submitting.

I've evaluated using post, but I dont think it would meet my requirements.

When reading on the following pages I get the feeling that building an URL in the way I've done is the way it's supposed to be done. There is a section about this problem, and from what I can understand the workaround is to login in a separate session, get the cookie and then supply the cookie to my browser. How ever, it would make much more sense to me if I could just encrypt the username and password in the url.

http://confluence.atlassian.com/display/JIRACOM/Automating+JIRA+operations+via+wget

http://confluence.atlassian.com/display/JIRA/Creating+Issues+via+direct+HTML+links

Like
JamieA
JamieA
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
October 26, 2011

You must be using a common account then. If you leave off the credentials from the url then the user will have to logon, then be redirected to the page with the values pre-filled.

> http://confluence.atlassian.com/display/JIRACOM/Automating+JIRA+operations+via+wget

I think this is more for administrative purposes.

Any encryption would just be smoke and mirrors because jira will require the plaintext credentials.

Like
Nic Brough -Adaptavist-
Nic Brough -Adaptavist-
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
October 26, 2011

I regularly use the wget stuff for simple scripts, but exactly as Jamie says, I have to work on the assumption that the user is already logged into Jira. SSO makes that very easy.

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
TAGS
AUG Leaders

Atlassian Community Events

    See all events