This documentation relates to the latest version of Confluence.
If you are using an earlier version, please go to the documentation home page and select the relevant version.
Comments (9)
Aug 30, 2006
Gary Pullis says:
Is there a way to specify a username and password parameter so you could bring up a secured rss feed?
Aug 31, 2006
Dan Hardiker says:
Be warned that the wiki markup for pages can be viewed by anyone who can view the rendered page. This could pose a security risk if usernames and passwords are placed on the page.
Jan 09, 2007
Hank Scorpio says:
Trawling through the docs then I note that os_username and os_password can be passed as arguments to the URL.
http://localhost:8080/confluence/login.action?os_username=un1&os_password=pw1
But how can I achieve the same results using the RSS macro, to a feed like the following;
{rss:url=http://rss.abc.com/MyBlog/rss.xml}
Note the following variation does not work either.
{rss:url=http://os_username=un1:os_password=pw1@rss.abc.com/MyBlog/rss.xml}
NB. I am not concerned that the username and password are viewable in the markup.
Thanks
Jan 09, 2007
David Peterson says:
Since os_username and os_password are Atlassian-specific parameters, you might do better with something like this:
{rss:url=http://un1:pw1@rss.abc.com/MyBlog/rss.xml}
However, I'm not certain that will work anyway...
May 07, 2007
Mark says:
I agree, authenticated RSS feeds capability would be a sweet feature.
I use Netvibes a lot and they support authenticated feeds, which opens up things like Rememberthemilk task RSS, and other secured feeds.
Thanks
May 07, 2007
David Chui says:
Hi Mark,
There is an improvement request being tracked for this, I recommend you to cast a vote on it. The more popular a request is, the better its chances of getting implemented in the future.
You may also add a watch to it so that you will get notification of updates to the issue.
Regards,
David
Aug 31, 2006
Gary Pullis says:
Well, Dan, that'd be a very good point you have there.
Though I think that the security risk is mitigated a bit because only folks with edit permissions should be able to see the wiki markup. Right? Or am I missing something?
Aug 31, 2006
Dan Hardiker says:
To be clear, anyone with view privs can see the wiki markup. Go to Info tab at the top of this page and click the View Source button.
If they can see the rendered content, they can see the wiki markup that rendered it.
Sep 06, 2006
Jens Schumacher says:
There is a feature request [1] open for this problem which will partly solve the security risk of everyone being able to see the source code.
Cheers,
Jens
[1] http://jira.atlassian.com/browse/CONF-6647
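
The following is an added example, not part of the original comments and not Atlassian code: because anyone who can view a page can also view its wiki markup, page source can be audited for URLs that carry credentials, either as userinfo or as the os_username/os_password query parameters mentioned in this thread. The sample markup is constructed from the URLs quoted above, and the function names are illustrative.

```python
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl

# URLs end at whitespace or at wiki-markup delimiters (macro close, param/link separators).
URL_RE = re.compile(r"https?://[^\s}|\]]+")
CRED_PARAMS = {"os_username", "os_password"}  # parameter names quoted in the thread

def redact(parts):
    """Rebuild the URL with userinfo and credential query values masked."""
    host = parts.hostname or ""
    if parts.port:
        host += f":{parts.port}"
    if parts.username is not None or parts.password is not None:
        host = "REDACTED@" + host
    query = "&".join(
        f"{k}=REDACTED" if k in CRED_PARAMS else f"{k}={v}"
        for k, v in parse_qsl(parts.query, keep_blank_values=True)
    )
    return urlunsplit((parts.scheme, host, parts.path, query, ""))

def find_embedded_credentials(markup):
    """Return one finding per URL in the markup that exposes credentials."""
    findings = []
    for lineno, line in enumerate(markup.splitlines(), start=1):
        for match in URL_RE.finditer(line):
            parts = urlsplit(match.group(0))
            reasons = []
            if parts.username is not None or parts.password is not None:
                reasons.append("userinfo")
            names = {k for k, _ in parse_qsl(parts.query, keep_blank_values=True)}
            hits = sorted(names & CRED_PARAMS)
            if hits:
                reasons.append("query:" + ",".join(hits))
            if reasons:
                findings.append({"line": lineno, "reasons": reasons,
                                 "redacted": redact(parts)})
    return findings

# Constructed sample page source, reusing the URLs quoted in the comments.
SAMPLE = """h1. Team feeds
{rss:url=http://rss.abc.com/MyBlog/rss.xml}
{rss:url=http://un1:pw1@rss.abc.com/MyBlog/rss.xml}
[login|http://localhost:8080/confluence/login.action?os_username=un1&os_password=pw1]
"""

if __name__ == "__main__":
    for f in find_embedded_credentials(SAMPLE):
        print(f["line"], f["reasons"], f["redacted"])
```

Findings report only the redacted form of each URL, so the audit output does not become a second copy of the secrets.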