Is it possible to encrypt the information in the URL when creating an issue on the form http://jira.atlassian.com/secure/CreateIssueDetails.jspa?pid=10420&issuetype=1&customfield_10010=hooray&os_username=test&os_password=testPass
I'm most worried about the username and password beeing sumbmitted in plain text, it would feel much better if I could use a hash function on them before sumbitting.
If you're worried about security then don't pass the credentials as parameters. What context is this form being used in, are you embedding it in some other app for instance?
For a start you could use http post rather than get, then consider some form of SSO.
The url is generated from our application to assist the user when creating a bug report in Jira. The application helps the user with filling in information like version info etc, then the user has to fill in specific information about the bug before submitting.
I've evaluated using post, but I dont think it would meet my requirements.
When reading on the following pages I get the feeling that building an URL in the way I've done is the way it's supposed to be done. There is a section about this problem, and from what I can understand the workaround is to login in a separate session, get the cookie and then supply the cookie to my browser. How ever, it would make much more sense to me if I could just encrypt the username and password in the url.
You must be using a common account then. If you leave off the credentials from the url then the user will have to logon, then be redirected to the page with the values pre-filled.
I think this is more for administrative purposes.
Any encryption would just be smoke and mirrors because jira will require the plaintext credentials.
There is a way to do it (I use following method in my plugin):
1. Build a JIRA plugin
2. The plugin creates a certificate (public & private keys) by using Java at the server side
3. Include an invisible Flash Player in the JIRA plugin and load it into the web page
4. The Flash Player downloads the PUBLIC key from the server
6. Pass encrypted data to the server and decrypt them by using the PRIVATE certificate.
Atlassian Summit is an excellent opportunity for in-person support, training, and networking.Learn more
Hey everyone! My name is Natalie and I'm an editor of the Atlassian Blog and I've got a question for you: What's your favorite quote about teamwork? We've compiled a list here, along with...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs