Get product advice from experts

Ask a question →

Join a community group

Find a group →

Advance your career with learning paths

Take a free class →

Earn badges and rewards

Connect and share ideas at events

See the calendar →

Community
Products
Jira
Questions
Is there a way to stop the constant popup to enter admin password?

Is there a way to stop the constant popup to enter admin password?

I understand this is a good security feature, but it get annoying when you ARE the admin and you have to type your password like every click. I would thought 4.4 woudl fix this problem, but I guess I was a bit too hopeful. If there is something I am missing, please let me know b/c it is driving me insane when I try to setup from workflow to fields and have to enter teh password...again.

Thanks in advance.

1 answer

1 accepted

2 votes

Answer accepted

This is called websudo. Here's the documentation on how to disable it:

http://confluence.atlassian.com/display/JIRA/Configuring+Secure+Administrator+Sessions

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

The purpose of the Secure Administrator Sessions feature is to help prevent XSRF attacks against administrative URLs. Please keep this in mind when disabling it! :-)

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Like

When a security measure prompts the question "how do I disable it" (from a legitimate user), it's failed.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Like

Valid point, Nic.:-)

I wasn't trying to defend the feature from criticism, just pointing out that it does serve a purpose and that you should consciously weigh up security vs. convenience when choosing to disable it.

Microsoft still beats Atlassian on the "annoying security prompt scale", though: http://www.youtube.com/watch?v=VuqZ8AqmLPY

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Like

Oh, absolutely, I don't pretend that I know a better way of doing it.

It's just I've been lectured at length on security and human behaviour recently, and that was a point that stuck. Exactly as you say, you need to weigh up the security vs convenience.

As for your comparison with Microsoft, I'm not sure it's a fair scale. The world is still waiting for Microsoft to turn out a piece of software that we can point at and say "actually, yes, that works well..."

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Like

If you must, bump the timeout rather than disabling...

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Like

Again, I am not trying to sounds like whiny admin who doesnt care about security, but it just get very annoying really fast when you needs to enter password within 5 minutes since you last enter. And i know this is security feature and know that it protect me and such, but for test environment setup, this IS the showstopper for me. it get annoying too to show a demo to client and have to say, oh opps, hold on, let me put my password...again.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Like

Reply

Suggest an answer

Log in or Sign up to answer

Was this helpful?

Thanks!

TAGS

Community showcase