[CONFSERVER-28491] Function Request : disabling automatic conversion from page's URL to page title in Confluence

Type: Suggestion
Resolution: Won't Fix
Fix Version/s: None
Component/s: None
Labels:
- affects-server
- editor
Environment:
CentOS 6.3 (64bit) with Oracle Java 1.6.0 + Confluence 4.3.x Install package (atlassian-confluence-4.3.x-x64.bin)

Feedback Policy:

We collect Confluence feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion.

When user edits a page, use can paste some "Page URL" (http://somseserver:8090/confluence/pages/viewpages.action?pageId=*********).
Then Confluence converts it to corresponding "Page Title" automatically.

For instance,

 - page title : Page001 (http://someserver*8090/confluence/pages/viewpages.action?pageId=1234567)
 - page title : Page002 (http://someserver*8090/confluence/pages/viewpages.action?pageId=4567890)

When user edits page02 and insert page1's URL as above, he can see "Page001" as a result of Confluence conversion.
But this automatic conversion functions for every Confluence users including user who has no permission to "Page001".

Our customer think it isn't necessary for this conversion for users who don't have any permission to "link to" page.
and wants Atlassian to implement

Thanks.
Chihara

relates to

CONFCLOUD-28491 Function Request : disabling automatic conversion from page's URL to page title in Confluence

Closed

G2G JPSupport added a comment - 14/Mar/2013 7:18 AM

Sherif,
Thank you for your prompt response.

But some kind of brute-force attack, this automatic conversion will leak page information.

Confluence 4.3.7 displays page with "No Permission" error when user without any permission put page URL in browser's address bar directly (CONF-97237). We think it's a good idea that implementing such function in Confluence to protect from unnecessary access.

Regrads,
Chihara

G2G JPSupport added a comment - 14/Mar/2013 7:18 AM Sherif, Thank you for your prompt response. But some kind of brute-force attack, this automatic conversion will leak page information. Confluence 4.3.7 displays page with "No Permission" error when user without any permission put page URL in browser's address bar directly (CONF-97237). We think it's a good idea that implementing such function in Confluence to protect from unnecessary access. Regrads, Chihara

Sherif Mansour added a comment - 14/Mar/2013 1:36 AM - edited

We don't any plans to do this, sorry about that - for the sake of keeping the product simple.

Sherif Mansour added a comment - 14/Mar/2013 1:36 AM - edited We don't any plans to do this, sorry about that - for the sake of keeping the product simple.

Assignee:: Sherif Mansour

Reporter:: G2G JPSupport

Votes:: 1 Vote for this issue

Watchers:: 3 Start watching this issue

Created:: 13/Mar/2013 2:19 AM

Updated:: 27/Jan/2025 6:28 PM

Resolved:: 14/Mar/2013 1:36 AM

Details

Description

Attachments

Issue Links

Forms

Activity

Collapse comment: G2G JPSupport added a comment - 14/Mar/2013 7:18 AM

Expand comment: G2G JPSupport added a comment - 14/Mar/2013 7:18 AM

Collapse comment: Sherif Mansour added a comment - 14/Mar/2013 1:36 AM, Edited by Sherif Mansour - 14/Mar/2013 1:36 AM

Expand comment: Sherif Mansour added a comment - 14/Mar/2013 1:36 AM, Edited by Sherif Mansour - 14/Mar/2013 1:36 AM

People

Dates