Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Interests
See all
Community resources
Top groups
Explore all groups
Community resources
Celebration

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root

Avatar

1 badge earned

Collect

Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!

Challenges
Coins

Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.

Recognition
Ribbon

Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!

Leaderboard

Join now to unlock these features and more

Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Get started Tell me more
Atlassian Community about banner
4,553,048
Community Members
 
Community Events
184
Community Groups

Are all these third party powerups vetted safe?

Arthur Trinchera
Arthur Trinchera Aug 29, 2022

It's my first look at the powerups and I found a comprehensive field adder specifically Amazing Fields that has 50,000 user but it seemed to have access to every bit of info and be able to post and see pretty much everything including saved usernames and passwords.  I did look for this question before posting.

Thank you

Answer
Watch
Like Matthieu Poupard -Klaxoon- likes this
117 views

2 answers

2 accepted

2 votes
Answer accepted
Allen -Amazing PowerUps-
Allen -Amazing PowerUps-
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
Aug 30, 2022

I can chime in as the developer of Amazing Fields. 

I have an faq entry about it as well: ( Why does Amazing Fields need so many Trello permissions? )

The summary is that all powerup generally have access to all your data on the board where it is enabled.  But powerups behave differently in what data they need and how they store it.  Amazing Fields keeps all of your card data on the Trello servers under your control.

As to usernames and passwords, Amazing Fields does not have any access to your credentials.  It does ask for approval so it can call APIs on your behalf, but that is through the standard Trello approval flow which does not give powerups any access to your credentials and allows you to revoke that access at any time.

If you have any additional questions, I am more than happy to answer them here or through support@amazingpowers.com

View More Comments
Arthur Trinchera
Arthur Trinchera Sep 01, 2022

Thank you for your answer. I am a low power, no power user. I was referring to passwords I have saved on my cards for my own reference. I assumed if my account was private it would be safe unless breached.

Arthur

Like
Allen -Amazing PowerUps-
Allen -Amazing PowerUps-
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
Sep 02, 2022

That is correct.  In theory a powerup could access that data, but a well behaved powerup is not going to make a copy of your data to an external server or anything like that.

So for example the way Amazing Fields works, I would never see or have remote access to any of your data.  Your mileage may vary with other powerups so I would check with any you are concerned about.

Like Nic Brough -Adaptavist- likes this
Reply
0 votes
Answer accepted
Nic Brough -Adaptavist-
Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
Aug 30, 2022

Welcome to the Atlassian Community!

Atlassian has some basic checks done on apps that are made publically available on the Marketplace, and has some security schemes for vendors.  It vets supplier partners to varying extents.  But it can't test for everything.

However, you use the example of Amazing Fields - yes, that can access all your data, but it sits within the permissions of Jira - if a user can't see an issue, then Amazing fields won't show them data from that issue.

You say it has access to saved usernames and passwords.  It does not really, not unless your users are putting usernames and passwords into fields on issues.  If they are doing that, you should be looking to discipline them...

View More Comments
Arthur Trinchera
Arthur Trinchera Sep 01, 2022

It's just me and I save usernames and passwords in comment fields. I assumed that was private and safe. Should I be disciplined? thank you for your answer!

Like
Nic Brough -Adaptavist-
Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
Sep 01, 2022

I hope this is not too harsh a thing to say but...

> "I save usernames and passwords in comment fields"

No.

Never, never, never, do that. 

User names, IDs, email addresses etc, you should probably avoid storing if you can because they do make it a bit easier for hackers and crackers, but you never store a password outside a password safe or a human brain (and don't trust the human brain, some of us are so dumb, we'd give a researcher a real password in exchange for a doughnut)

Storing a plain text password in an unencrypted way is, in short, a) a bad idea and b) almost certainly illegal in your country.

Like # people like this
Reply

Suggest an answer

Log in or Sign up to answer
Product apps
Apps & Integrations
TAGS
AUG Leaders

Atlassian Community Events

See all events