Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Are Confluence passwords hashed over http?

jboutin
jboutin June 13, 2012

If I connect to confluence over non-https, are passwards encrypted?

Answer
Watch
Like Be the first to like this
384 views

2 answers

1 accepted

0 votes
Answer accepted
Joe Clark
Joe Clark
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
June 13, 2012

Correct, unless you implement some form of custom authentication, passwords and usernames are sent in clear-text when logging in to Confluence.

SSL for the win :-)

Reply
1 vote
Matthew J. Horn
Matthew J. Horn
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
June 13, 2012

Someone else can step in and correct me if I'm wrong, but I decided to explore this a little. However, it's very possible I do not understand how auth works with Confluence (or with servers in general), so take this for what it's worth (almost nothing).

If you request the admin URL:

http://yoursite.com/confluence/authenticate.action?destination=/admin/console.action

Now turn on your network monitor (in my case, I used Chrome's Network tab), enter your password, and click "Confirm".

Then look at the request, it looks like it is NOT encrypted. Here's a dump of my request. The password is in the form data, in plain text:

Request URL:http://yoursite.com/confluence/doauthenticate.action
Request Method:POST
Status Code:200 OK
Request Headers
Accept:text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Charset:ISO-8859-1,utf-8;q=0.7,*;q=0.3
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8
Cache-Control:max-age=0
Connection:keep-alive
Content-Length:82
Content-Type:application/x-www-form-urlencoded
Cookie:confluence.browse.space.cookie=space-pages;
<snip>
Host:yoursite.com
Origin:http://yoursite.com
Referer:http://yoursite.com/confluence/authenticate.action?destination=/admin/console.action
User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5
Form Data
password:PASSWORD
authenticate:Confirm
destination:/admin/console.action

Reply

Suggest an answer

Log in or Sign up to answer
Confluence
Confluence
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Terms Security
    Welcome illustration

    Welcome to the new Atlassian Community

    Online forums and learning are now in one easy-to-use experience.

    By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.