Hi,
just checking out HipChat. We found uploaded files are sent to amazon s3 services and are freely available to anyone.
I thought privacy and security are #1 issues?
Hi Jochen,
Here are the facts about HipChat files:
Many users ask whether this results in "secure" files (since URLs are "public"). We feel it provides the best of both worlds:
We have considered offering authenticated access to uploaded files (i.e. requiring a username / password) but it is not part of our current subscription options.
I don't find this to be an acceptable security solution whatsoever. Obscurity is not security.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Obscurity is not security, as there are simply too many unexpected ways the URL can be leaked. Here's an example:
This is only one example... there are many others that nefarious groups are extremely familiar with.
Incidentally, this is not theoretical. It actually happened to Dropbox: https://arstechnica.com/information-technology/2014/05/dropbox-disables-old-shared-links-after-tax-returns-end-up-on-gooogle/
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Jochen,
The reason why this is done can be found here : http://help.hipchat.com/knowledgebase/articles/64477-are-files-uploaded-to-hipchat-secure-private-
Best regards,
Peter
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.