Pocket Query: How to prevent password visibility on datasource page.

Wolf Wolfer
August 9, 2018

When using the PocketQuery plugin and opening the datasource section, all configured datasources, including usernames and passwords, are plainly visible when viewing "page source".

    <ul id="databases-list" class="nice-list four-links">
        <li data-entityname="qwerty" ><span class="content">qwerty</span><div class="link-container"><a href="#" class="icon icon-remove nice-remove" title="Remove Item"></a></div></li>
        <script id="pocketquery-tmp-script">
            PocketQuery.Admin.storeEntity('database', "qwerty", {"type":0,"name":"qwerty","url":"jdbc:oracle:thin:@123.123.123.123:2329/abc","user":"xyz","password":"abc","driver":"oracle.jdbc.driver.OracleDriver","testurl":"","applicationlinkid":"74f6db2c-65cb-3324-b2dc-8892b37ed719","consumerkey":"","consumersecret":"","token":"","tokensecret":"","signaturemethod":"","requestparameters":"","requestheaders":"","authurl":"","clientid":"","clientsecret":"","accesstoken":"","refreshtoken":""});
            jQuery('#pocketquery-tmp-script').remove();
        </script>

 

This is a huge security issue from my pov (and probably will result in deactivation of PocketQuery in our company).

I wonder:

  • Is everyone aware?
  • Can this be prevented?

1 answer

0 votes
Felix Grund (Scandio)
January 29, 2019

Hi @Wolf Wolfer,

First of all, sorry for not replying on this. We are having some trouble following the posts on Atlassian community. In the future, feel free to post a question on our ServiceDesk and you'll receive prompt replies.

Regarding your question: this is actually default behavior of the HTML <input> field with `type="password"`. But certainly hiding the password in HTML can be achieved with workarounds and I agree that it would be very desirable in this scenario. Therefore, I now created an Improvement ticket and assigned it a high priority. Shouldn't take long!

Please feel free to follow up on this!

Best, Felix
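
One way to keep stored credentials out of the rendered admin page, as an added example that is not part of the thread and not PocketQuery's code: the server embeds a redacted view and treats an empty secret field on save as "unchanged". The field names come from the JSON in the question; the function names, the `secretsSet` property, the choice of which fields count as secrets and the sample values are assumptions.

```javascript
// Added example, not PocketQuery code. Function names, `secretsSet` and the
// secret-field selection are assumptions; field names come from the question.
const SECRET_FIELDS = ['password', 'consumersecret', 'token', 'tokensecret',
                       'clientsecret', 'accesstoken', 'refreshtoken'];

// Constructed sample entity shaped like the one in the question.
const SAMPLE_ENTITY = {
  type: 0, name: 'qwerty', url: 'jdbc:oracle:thin:@db.example.invalid:1521/abc',
  user: 'xyz', password: 'S3cr3t-constructed', clientsecret: ''
};

// Copy of the entity that is safe to embed in page source: secret values are
// blanked, and secretsSet lists which ones exist so the form can show "(stored)".
function toClientView(entity) {
  const view = { secretsSet: [] };
  for (const [key, value] of Object.entries(entity)) {
    const secret = SECRET_FIELDS.includes(key);
    if (secret && value !== '') view.secretsSet.push(key);
    view[key] = secret ? '' : value;
  }
  return view;
}

// Inline script text for the admin page, built from the redacted view only.
// "<" is escaped so no value can terminate the surrounding <script> element.
function renderStoreEntityCall(entity) {
  const json = (v) => JSON.stringify(v).replace(/</g, '\\u003c');
  return `PocketQuery.Admin.storeEntity('database', ${json(entity.name)}, ` +
         `${json(toClientView(entity))});`;
}

// Merge a submitted form into the stored entity. An empty or missing secret
// means "keep the stored value", so the browser never has to echo it back.
// Keys the stored entity does not have (secretsSet included) are ignored.
function applyUpdate(stored, submitted) {
  const next = {};
  for (const key of Object.keys(stored)) {
    const incoming = submitted[key];
    const keep = incoming === undefined ||
                 (SECRET_FIELDS.includes(key) && incoming === '');
    next[key] = keep ? stored[key] : incoming;
  }
  return next;
}
```

With this pattern, changing a password means typing a new one; the old value is never sent to the browser, so it cannot appear in "page source".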
