Loading...

XML

Word

Printable

Details

Type: Suggestion
Resolution: Unresolved
Fix Version/s: None
Component/s: None
Labels:
- affects-server
- permissions
Environment:
Confluence Pages with sensitive information in page source

UIS:
0
Support reference count:
0
Feedback Policy:

We collect Confluence feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

Description

NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion.

Using several confluence macros (jiraissues, SQL, CHAR-Plugin etc.) needs to embedd sensitive information (UserID, Passwords, SQL-Statements, etc.). to the Confluence source pages.

Currently, there is no way to hide this information, because view page permission == view page source permission.

You can edit the layer templates to remove the 'page source' link, but the 'view source URL' will still work for anyone who can see the page.

The only way to hide this sensitive information is to prevent access to the Confluence Page Source.

This leads to the feature request to add a new permission type: "view page source" to be able to revoke access to the page sources.

Without this feature, Confluence pages are limited to non-sensitive information if you provide access for external parties like customers etc.

Attachments

Issue Links

blocks

CONFSERVER-6648 add HIDEURL parameter to jiraissues macro to protect jira userids and passwords

Closed

relates to

CONFCLOUD-6647 add permission type VIEW PAGE SOURCE

Gathering Interest

mentioned in: Page Loading...

Activity

People

Assignee:: Unassigned

Reporter:: Deleted Account (Inactive)

Votes:: 22 Vote for this issue

Watchers:: 14 Start watching this issue

Dates

Created:: 24/Jul/2006 11:19 AM

Updated:: 10/Mar/2021 12:09 AM