We are using LDAP, but have not converted over to SSL (yet).
While the documentation strongly suggests SSL, is there any point in using HipChat without SSL?
We don't want to risk security.
Your insight and suggestions are welcome.
Thank you -
If you are worrying about security then you should use something. There are valid cases where HipChat without SSL makes sense. For example if your network is insulated from the outside world (VPN tunnels, internal network only), then you might not need SSL for HipChat since security is being provided externally.
Since security should be better with multiple layers, I would still recommend HipChat with SSL
As I always say, to run an application without SSL is like driving a car with no seat belt .
As you know, SSL is a protocol used to avoid that data are trafficked in plain text. If you are concerned about security, I strongly recommend you to use SSL.
However, related to security into your network, I believe the most important thing is guarantee the edge of your network is security enough and then start to verify your internal network.
I mean, you can use SSL into your internal applications but if your firewall or reverse proxy aren’t properly configured to block unauthorised access, then, your network is still unsafe.
If you are running HipChat only into your internal network (without external access), I don’t think it is a big issue you run this without SSL. However, I also don’t see why not use SSL. Usually it is simple and doesn’t hurt :). If you are planning run HipChat to be accessed from internet, then you should use SSL, otherwise, it will be unsafe (it doesn’t means you will be hacked).
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG