I'm imaging a use case where an employee leaves the company after being a hipchat-server user. While they were an employee they had access to rooms with sensitive content. When they leave the company their hipchat access is of course revoked. However, our security architects want assurance that the hipchat client doesn't cache or store room history on the user's device in a form that could be cracked. Any thoughts?
The clients do store cache while the app is running. When the user logs off or the app is uninstalled, the cache is wiped. We write the cache as files and place it in the application sandbox environment that the OS provides. We essentially let the operating system enforce encryption and ACL enforcement on those files.
Correct, a deleted/de-activated user will be presented with the login screen next time his app is opened (assuming they has auto-login enabled). If they try to login, they will get a username/password error. The same goes for the users account at https://your.companies.FQDN.com/account - it will be redirected to the login page.
All good things come to an end - thanks to all our customers and partners who have been along the Hipchat and Stride journey with us. As of Feb 15th 2019, Hipchat Cloud and Stride have reached ...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs