Questions from Security team

Hi,

Our company is considering HipChat as a possible messenger for some of the teams. Could you please explain a few points more fully to our Security team:

1. Encryption of messages during sending.

2. Encryption of chat history stored on the server and the client.

3. Monitoring / reporting on the established client connections.

4. Ability to manage (reset) client connections.

5. Control of devices, which allow connections.

6. Domain authentication.

7. Ability to use two-factor authentication.

8. Automatic updates and changes in the client software settings without the need for administrative privileges.

 

Thank you.

1 answer

1 accepted

0 votes
Answer accepted
crivers Atlassian Team Dec 27, 2016

Hi Dmitry - the basic information about HipChat security can be found at https://confluence.atlassian.com/hipchatkb/security-of-hipchat-755337914.html. To some of your questions in particular:

  1. All communication between the client and server is sent and received encrypted over HTTPS (TLS in the older versions of the clients).
  2. Chat history is not stored on the client. On the server, it's stored unencrypted to support searching.
  3. Users can view their own client connections at hipchat.com/account/sessions. There is not currently any support for admin-level viewing of other users' client connections.
  4. Like above, users can disconnect sessions at the given URL. No admin-level support for performing this on other users.
  5. We don't restrict any devices from connecting to HipChat, but all connections must be over a secure channel (TLS/SSL). This includes third-party XMPP clients as well as all HipChat-built ones.
  6. I'm not sure exactly what you mean by domain authentication. We confirm emails as a general process of security, but don't restrict them to certain domains based on the account they're accessing.
  7. 2FA isn't something we currently have, but certainly something we hope to add in the future (along with SAML-based authentication, which often comes with its own 2FA support).
  8. Assuming clients are installed by a non-admin user, they can also be updated by the non-admin user without requiring escalated privileges. If you are being prompted to enter administrator credentials when updating, it's likely that the app was initially installed by an administrator account.

 
