-
Type:
Suggestion
-
Resolution: Fixed
-
None
-
Component/s: None
-
Environment:Confluence pages with the embedded jiraissues macro requiring UserID and Password for access to non-public issues
The jiraissues macro allows to embed JIRA issues into Confluence pages - no problem, as long as you access an public instance of JIRA with public issues.
But if UserIDs and Passwords needed to access non-puglic issues in JIRA, they had to be passed in the URL as parameters.
{jiraissues:url=http://jira.rss.url?os_username=johnsmith&os_password=secret}Details: http://confluence.atlassian.com/display/DOC/JIRA+Issues+Macro
But if you obtain a Confluence page with this macro, unfortunately the UserID and Passwords are visible on the Confluence Page as URL link including UserID and Password.
The improvement request:
To add an macro parameter "HIDEURL".
Setting this new parameter would preserve the URL, but would cut off the os_username os_password strings!
The Confluence page will just include the URL without the sensitive UserID and Password.
Together with http://jira.atlassian.com/browse/CONF-6647 it becomes a perfect security solution with reasonable development effort.
Waiting for http://jira.atlassian.com/browse/CONF-1595 is not an option because it looks like a lot of development effort (= takes too long!) compared to this minor improvement request and the minor http://jira.atlassian.com/browse/CONF-6647 feature request.
- is blocked by
-
- Gathering Interest