Someone else can step in and correct me if I'm wrong, but I decided to explore this a little. However, it's very possible I do not understand how auth works with Confluence (or with servers in general), so take this for what it's worth (almost nothing).
If you request the admin URL:
Now turn on your network monitor (in my case, I used Chrome's Network tab), enter your password, and click "Confirm".
Then look at the request, it looks like it is NOT encrypted. Here's a dump of my request. The password is in the form data, in plain text:
Request URL:http://yoursite.com/confluence/doauthenticate.action Request Method:POST Status Code:200 OK Request Headers Accept:text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Charset:ISO-8859-1,utf-8;q=0.7,*;q=0.3 Accept-Encoding:gzip,deflate,sdch Accept-Language:en-US,en;q=0.8 Cache-Control:max-age=0 Connection:keep-alive Content-Length:82 Content-Type:application/x-www-form-urlencoded Cookie:confluence.browse.space.cookie=space-pages; <snip> Host:yoursite.com Origin:http://yoursite.com Referer:http://yoursite.com/confluence/authenticate.action?destination=/admin/console.action User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5 Form Data password:PASSWORD authenticate:Confirm destination:/admin/console.action
It's officially Tuesday, which means it's officially time for another tip to help you better navigate this space we call the Atlassian Community. 😄 I got a great question from community member, Sa...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs