It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Is sharing files on Stride more secure than on HipChat?

Anup Jishnu Sep 07, 2017

On HipChat when I share files, it is dumped on an Amazon AWS S3 bucket and that URL is displayed within HipChat room. Users can send that S3 URL to outsiders and they can get to those files. (This is my experience and please do correct me if I am wrong)

Is it different on Stride or is file sharing the same as on HipChat.

2 answers

4 votes
James Guerin Mar 01, 2018

WARNING:  What@Kesha Thillainayagam has said is, in-fact, incorrect. Stride has the same major security problem that HipChat had regarding file transfers.


@Ramin is correct. Everything is accessible to the outside world.

Do not share sensitive information inside of Stride.

1 vote
Kesha Thillainayagam Atlassian Team Sep 08, 2017

Hi AJ! 

Stride requires authentication to view uploaded files. Permissions are enforced at the conversation level, so only participants in a specific conversation (either a room or 1:1) can access a file shared in that conversation.

URLs shared outside of Stride will not be accessible.

yuji okazawa Oct 16, 2017

I have used Hipchat for daily works, and now enjoying to communicate with teammate by Stride.

But Stride still contains security problems for share files that same as Hipchat.

  • Generated url is complex, right
  • When accessing file contents with TLS , right
  • There are any authentication control or permission control, No

How do you think about it ?

# Because of lack of security, we have abandon migrating to Hipchat :(

Ramin Jan 25, 2018

it's false, the url is accessible from outside without authentication

jamie swim Jun 28, 2018

Hi there, can you point me in the direction to re-produce the problem? When I upload files in Stride I don't see a way to view/access the URL that would provide unsecured access to the file. Any help would be appreciated!

Anup Jishnu Jun 28, 2018

So in HipChat I created a new "Private Room" and uploaded a file. Here is the link to that file from within HipChat:

https://s3.amazonaws.com/uploads.hipchat.com/115593/3917346/KylDdbZP1hycyGy/ec2-ug.pdf

 

If you can get to that file, it is what @Ramin@James Guerin and I are talking about ... the uploaded files are accessible from outside without authentication.

jamie swim Jun 28, 2018

Understood for HipChat. Can this be reproduced for Stride? I have a test environment for Stride and so far I don't see a way to view/grab the URL for an uploaded file. If you have tips on how to locate the file URL in Stride that would be helpful. Thanks again!

James Guerin Jun 28, 2018

Go to any file item in the chat room and click on it to pull up the preview / download dialog. In the right hand corner right click on the download icon and select copy link. 

That link is freely accessible without authentication. You can test this by simply opening a new incognito window / different browser (where you are not logged in) / sending it to a friend. 

Anup Jishnu Jun 29, 2018

Ah I see what you mean. When I started this discussion back in Sept 2017, this was still an issue with Stride ... just as in HipChat it was very easy to copy url and send it across for others who do not have stride account to download the file. Glad they have fixed it now.

James Guerin Jun 29, 2018

@Anup Jishnu Actually, that is the point of my warning above. They have NOT fixed it.

jamie swim Jun 29, 2018

Thank you @James Guerin, I was able to easily reproduce the issue with your directions. The file URL is definitely not secure. This will be noted for our Info Security team in our review of Stride.

Anup Jishnu Jun 29, 2018

@James Guerin LOL yes you are right ... they have not yet fixed it fully. I missed the part where you mentioned "right click on the download icon". I have now confirmed that the link from there can be used by anyone who is not a user in Stride. So yes "They have NOT fixed it."

Suggest an answer

Log in or Sign up to answer
This widget could not be displayed.
This widget could not be displayed.
Community showcase
Published in Stride

Stride and Hipchat Cloud have reached End of Life (updated)

All good things come to an end - thanks to all our customers and partners who have been along the Hipchat and Stride journey with us.  As of Feb 15th 2019, Hipchat Cloud and Stride have reached ...

2,410,758 views 25 21
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you