It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Is sharing files on Stride more secure than on HipChat?

On HipChat when I share files, it is dumped on an Amazon AWS S3 bucket and that URL is displayed within HipChat room. Users can send that S3 URL to outsiders and they can get to those files. (This is my experience and please do correct me if I am wrong)

Is it different on Stride or is file sharing the same as on HipChat.

2 answers

WARNING:  What@Kesha Thillainayagam has said is, in-fact, incorrect. Stride has the same major security problem that HipChat had regarding file transfers.


@Ramin is correct. Everything is accessible to the outside world.

Do not share sensitive information inside of Stride.

1 vote

Hi AJ! 

Stride requires authentication to view uploaded files. Permissions are enforced at the conversation level, so only participants in a specific conversation (either a room or 1:1) can access a file shared in that conversation.

URLs shared outside of Stride will not be accessible.

I have used Hipchat for daily works, and now enjoying to communicate with teammate by Stride.

But Stride still contains security problems for share files that same as Hipchat.

  • Generated url is complex, right
  • When accessing file contents with TLS , right
  • There are any authentication control or permission control, No

How do you think about it ?

# Because of lack of security, we have abandon migrating to Hipchat :(

it's false, the url is accessible from outside without authentication

Hi there, can you point me in the direction to re-produce the problem? When I upload files in Stride I don't see a way to view/access the URL that would provide unsecured access to the file. Any help would be appreciated!

So in HipChat I created a new "Private Room" and uploaded a file. Here is the link to that file from within HipChat:

https://s3.amazonaws.com/uploads.hipchat.com/115593/3917346/KylDdbZP1hycyGy/ec2-ug.pdf

 

If you can get to that file, it is what @Ramin@James Guerin and I are talking about ... the uploaded files are accessible from outside without authentication.

Understood for HipChat. Can this be reproduced for Stride? I have a test environment for Stride and so far I don't see a way to view/grab the URL for an uploaded file. If you have tips on how to locate the file URL in Stride that would be helpful. Thanks again!

Go to any file item in the chat room and click on it to pull up the preview / download dialog. In the right hand corner right click on the download icon and select copy link. 

That link is freely accessible without authentication. You can test this by simply opening a new incognito window / different browser (where you are not logged in) / sending it to a friend. 

Ah I see what you mean. When I started this discussion back in Sept 2017, this was still an issue with Stride ... just as in HipChat it was very easy to copy url and send it across for others who do not have stride account to download the file. Glad they have fixed it now.

@Anup Jishnu Actually, that is the point of my warning above. They have NOT fixed it.

Thank you @James Guerin, I was able to easily reproduce the issue with your directions. The file URL is definitely not secure. This will be noted for our Info Security team in our review of Stride.

@James Guerin LOL yes you are right ... they have not yet fixed it fully. I missed the part where you mentioned "right click on the download icon". I have now confirmed that the link from there can be used by anyone who is not a user in Stride. So yes "They have NOT fixed it."

Suggest an answer

Log in or Sign up to answer
This widget could not be displayed.
This widget could not be displayed.
Community showcase
Published Nov 14, 2018 in Stride

Stride and Hipchat Cloud have reached End of Life (updated)

All good things come to an end - thanks to all our customers and partners who have been along the Hipchat and Stride journey with us.  As of Feb 15th 2019, Hipchat Cloud and Stride have reached ...

1,749,538 views 25 18
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you