1. Log in to JIRA
2. Unable to log in to Jira Admin (System, User Management, etc.)
I am also unable to provide a support zip file to you.
Getting the following error:
2014-12-12 14:38:55,665 http-bio-8081-exec-23 WARN amehr1 878x93x1 d0vl5e 10.202.99.247,10.207.11.132 /secure/admin/WebSudoAuthenticate.jspa[apache.commons.httpclient.HttpMethodBase] Going to buffer response body of large or unknown size. Using getResponseBodyAsStream instead is recommended.
To each ... Atlassian has a long way to go to get security right. The Captcha implementation breaks often and adds no value for in-house installations. The websudo is another (oh isn't this cool.) feature that has negative effects like breaking REST API. I would argue that it doesn't add any real security. Adding support for masking database password would be a good basic security feature that should be implemented before these "gee whiz that cool" features.
Mmm.
- You can turn Captcha off. I generally do for internal systems, as you say, it's useless, especially when you move to external directories. Even if you leave it on, I'm afraid it's an obsolete security measure - there are at least two "expert systems" out there that are 95% effective against the more commonly used Captcha systems currently used, and you can buy Captcha-breaking farm time really cheaply too.
- Websudo is intended to stop walk by unlocked computer attacks. It's not an "oh isn't this cool", it's a level of security that a lot of large organisations mandate in their software, to the point where I've seen software under evaluation dropped from the list because it doesn't have it. Sure, turn it off if you're in a secure/trusted environment, but saying it's a useless feature is absolutely incorrect.
- Websudo breaking REST doesn't matter - REST doesn't expose admin functions. And even if you do expose them, it doesn't "break" them, it just requires you to implement security better.
- Masked database passwords - I'd agree they're a good thing, but the structure of these applications is such that if someone is reading your installed password, you've got MUCH bigger problems because they have direct access to your servers...
Sorry Nic, but you're just simply wrong. You cannot turn Captcha off in 6.3. It defaults to 3 tries. If you set the number of attempts to "blank" it resets it to 3. If you go into the database and set it to null, it resets it to 3 tries. REST does expose "admin" functions and Websudo is an issue, not better security. Masked DB password is a big deal if you work for a corporation that gets audited for PCI or any other security compliance.
<sigh> You can turn off Captcha, just not in the GUI config. The database changes are working fine for me on several 6.3 installs. What admin functions do you think REST exposes? Websudo is a legal requirement in some places, and it is better security, so you're absolutely wrong on that. Also wrong - remember, to expose the password, the bad guy already has full access to your server. It's bolting the stable door after the horse has run, and died of old age...
All this religious discussion about security is fun and all, but I'm still trying to get a REST call to create a user account to work.
Websudo as implemented to stop walk by issues seems pointless for a 10ms API call. So how *do* we get around WebSudo issues for REST calls?
BTW I'm looking at the rest docs, and there are plenty of admin features in there.