Why can people fill out checklists on the public internet? Isn't that a security risk? When is that useful?

I have seen that people can use public create links for checklists, and then everyone on the internet can create a checklist (even with QR Codes) and fill it out. How is that useful? Aren’t they all anonymous? Isn’t that a threat to the security of my Atlassian Cloud instance?

Yes, it‘s true that checklists can be filled out by anyone with the appropriate links. Checklists do not have to be public, though. They can be fully protected and only work for users authenticated with your Atlassian Cloud software. There are two types of links for public checklists:

  • A public creation link
    If you share a public creation link, every one with it will be able to create new checklists based on your template. This can be especially helpful if the employees or people do not have access to your Atlassian Cloud instance themselves or do not want to login to create a checklist. It’s both faster and involves less hurdles to get a new checklist this way. Once you have created a checklist in our mobile apps for iOS and Android, you’ll also be able to create such checklists from the app at anytime.
  • A public link to a checklist
    Every checklist that has been created from a public template will have a link that can be used by everyone on the internet. But you have to know the link. It’s not trivial to guess it.

This is not a security problem.
The practice of unlisted pages and media elements is common with several web services (like YouTube, Google Docs, …). With an “unlisted” checklist, the content of the checklist is only as secure as the link itself. If you pass on the link, others will be able to access your content.

There is no way to access the admin area, change a checklist template, or access other unwanted or secured areas with the public links.

Photo by Ashwini Chaudhary(Monty) on Unsplash