Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Current »

 

Security FAQ

How does the app get and modify data?

To get and modify data in Confluence, the app uses public Confluence REST APIs. For example, we are getting pages and blog posts to apply inline changes via Confluence Cloud REST API.

Our app uses all the required Authorization and Security technologies provided by Atlassian:

What platform and programming language was used to develop the application?

To develop our app, we used the Atlassian Connect framework for communications between our app and Confluence. For the back end, we used NodeJS and frontend JavaScript.

Which authentication protocols and technologies are supported?

The app works on the top of the Confluence authentication system and supports all the available authentication settings.

How do you achieve the security of data at rest?

The app for Confluence Cloud is available over SSL only. We are using a valid (not a self-signed) browser-trusted certificate, without any human intervention, and all the communications between “Client ↔︎ Confluence Cloud application ↔︎ Our app” are encrypted.

How is customer data separated from other customers (if the solution is offered in a multi-tenant model)?

We have measures in place to ensure that all the customers are logically separated so that the actions of one customer cannot compromise the data of other customers.

In the version for Confluence Cloud, we use a concept that Atlassian refers to as the “tenant context” to achieve logical isolation of all the customers. This is implemented in the Atlassian Connect framework and managed by the “Tenant Context Service” (TCS). This concept ensures that:

  • Each customer’s data is kept logically segregated from other tenants when at rest.

  • Any requests processed by our app have a “tenant-specific” view, so other tenants are not impacted.

How is the security monitoring for this app performed?

Our security monitoring includes the following:

  • Role-based mechanism to access all the parts of infrastructure separately.

  • The app creates a massive collection of event logs for analysis and investigation.

  • Regularly reviewing of records to improve alerting mechanisms or to manually identify security incidents.

How often do you perform security testing?

 As a part of our internal audit process, once per quarter.

What is your security incident management process?

Our “security incident management plan” is not publicly available at the moment. However, in case of any incidents, please get in touch with support@actonic.atlassian.net .

Usage FAQ

What are the minimum requirements for supported browsers? 

Desktop browsers:

  • Microsoft Edge - Latest stable version supported

  • Mozilla Firefox (all platforms) - Latest stable version supported

  • Google Chrome (Windows and Mac) - Latest stable version supported

  • Safari (Mac) - Latest stable version on latest OS release supported

Can we restrict access to the application from a specific customer public IP gateway?

Yes, as a part of Confluence security configuration.

“IP allow listing” is available with Premium plans for Jira Software, Jira Service Management, and Confluence.

Does the app support collaborative editing?

Use case: Colleague A is using the app, editing some symbols on the page. Colleague B is at the same time using the edit mode in Confluence to do some changes on the table.

If you're (A) editing the first row, and your colleague B editing the last row – everything will work fine, both changes will be applied one by one without any errors. 

If colleague B saves his changes first, you will see the notification that they are trying to save a page, with the previous version of the content.

 

Is there a way I can still use the Server version, although I cannot buy the Server license anymore?

Unfortunately, we cannot offer any server licenses anymore since 15th February 2023. But what we can offer, is a Data Center license. You can use it on your Server instance and it still works the same! Just contact us, we’ll gladly consult you and find the perfect offer for you.

  • No labels