I'm imaging a use case where an employee leaves the company after being a hipchat-server user. While they were an employee they had access to rooms with sensitive content. When they leave the company their hipchat access is of course revoked. However, our security architects want assurance that the hipchat client doesn't cache or store room history on the user's device in a form that could be cracked. Any thoughts?
The clients do store cache while the app is running. When the user logs off or the app is uninstalled, the cache is wiped. We write the cache as files and place it in the application sandbox environment that the OS provides. We essentially let the operating system enforce encryption and ACL enforcement on those files.
Correct, a deleted/de-activated user will be presented with the login screen next time his app is opened (assuming they has auto-login enabled). If they try to login, they will get a username/password error. The same goes for the users account at https://your.companies.FQDN.com/account - it will be redirected to the login page.
...from the beginning. We have built up a lot of content in HipChat, with it being a core tool in our distributed company model. While it is true that we didn’t need to move to Slack immediately, we felt it...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs