Encrypt URL when creating an issue via URL

Is it possible to encrypt the information in the URL when creating an issue on the form http://jira.atlassian.com/secure/CreateIssueDetails.jspa?pid=10420&issuetype=1&customfield_10010=hooray&os_username=test&os_password=testPass

I'm most worried about the username and password beeing sumbmitted in plain text, it would feel much better if I could use a hash function on them before sumbitting.

3 answers

0 vote

If you're worried about security then don't pass the credentials as parameters. What context is this form being used in, are you embedding it in some other app for instance?

For a start you could use http post rather than get, then consider some form of SSO.

The url is generated from our application to assist the user when creating a bug report in Jira. The application helps the user with filling in information like version info etc, then the user has to fill in specific information about the bug before submitting.

I've evaluated using post, but I dont think it would meet my requirements.

When reading on the following pages I get the feeling that building an URL in the way I've done is the way it's supposed to be done. There is a section about this problem, and from what I can understand the workaround is to login in a separate session, get the cookie and then supply the cookie to my browser. How ever, it would make much more sense to me if I could just encrypt the username and password in the url.



You must be using a common account then. If you leave off the credentials from the url then the user will have to logon, then be redirected to the page with the values pre-filled.

> http://confluence.atlassian.com/display/JIRACOM/Automating+JIRA+operations+via+wget

I think this is more for administrative purposes.

Any encryption would just be smoke and mirrors because jira will require the plaintext credentials.

I regularly use the wget stuff for simple scripts, but exactly as Jamie says, I have to work on the assumption that the user is already logged into Jira. SSO makes that very easy.

There is a way to do it (I use following method in my plugin):

1. Build a JIRA plugin

2. The plugin creates a certificate (public & private keys) by using Java at the server side

3. Include an invisible Flash Player in the JIRA plugin and load it into the web page

4. The Flash Player downloads the PUBLIC key from the server

5. Call the Flash Player to ecncrypt data by using Javascript

6. Pass encrypted data to the server and decrypt them by using the PRIVATE certificate.

This migh also be useful for you:


Suggest an answer

Log in or Join to answer
Community showcase
Alexey Matveev
Published Saturday in Jira

How to run Jira in a docker container

Everything below is tested on Ubuntu 17.10. I prefer to use Jira in a docker container because: 1. I can install Jira with a couple of commands. 2. I can start and stop Jira just by starting and s...

194 views 6 8
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you
Atlassian Team Tour

Join us on the Team Tour

We're bringing product updates and pro tips on teamwork to ten cities around the world.

Save your spot