Encrypt URL when creating an issue via URL

Is it possible to encrypt the information in the URL when creating an issue on the form http://jira.atlassian.com/secure/CreateIssueDetails.jspa?pid=10420&issuetype=1&customfield_10010=hooray&os_username=test&os_password=testPass

I'm most worried about the username and password beeing sumbmitted in plain text, it would feel much better if I could use a hash function on them before sumbitting.

3 answers

If you're worried about security then don't pass the credentials as parameters. What context is this form being used in, are you embedding it in some other app for instance?

For a start you could use http post rather than get, then consider some form of SSO.

The url is generated from our application to assist the user when creating a bug report in Jira. The application helps the user with filling in information like version info etc, then the user has to fill in specific information about the bug before submitting.

I've evaluated using post, but I dont think it would meet my requirements.

When reading on the following pages I get the feeling that building an URL in the way I've done is the way it's supposed to be done. There is a section about this problem, and from what I can understand the workaround is to login in a separate session, get the cookie and then supply the cookie to my browser. How ever, it would make much more sense to me if I could just encrypt the username and password in the url.



You must be using a common account then. If you leave off the credentials from the url then the user will have to logon, then be redirected to the page with the values pre-filled.

> http://confluence.atlassian.com/display/JIRACOM/Automating+JIRA+operations+via+wget

I think this is more for administrative purposes.

Any encryption would just be smoke and mirrors because jira will require the plaintext credentials.

I regularly use the wget stuff for simple scripts, but exactly as Jamie says, I have to work on the assumption that the user is already logged into Jira. SSO makes that very easy.

There is a way to do it (I use following method in my plugin):

1. Build a JIRA plugin

2. The plugin creates a certificate (public & private keys) by using Java at the server side

3. Include an invisible Flash Player in the JIRA plugin and load it into the web page

4. The Flash Player downloads the PUBLIC key from the server

5. Call the Flash Player to ecncrypt data by using Javascript

6. Pass encrypted data to the server and decrypt them by using the PRIVATE certificate.

This migh also be useful for you:


Suggest an answer

Log in or Sign up to answer
Community showcase

Scrum Roles Explained: the Do's and the Don'ts

Hello Community,  Today we are going to talk about the three Scrum Roles. There is the Development Team, the Scrum Master and the Product Owner. In my opinion these three are all really impo...

72 views 0 4
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you