Versions Compared

Old Version 3

changes.mady.by.user Metin Savignano

Saved on

compared with

New Version 4

changes.mady.by.user Metin Savignano

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

This statement applies to: S/Notify for Jira Server and S/Notify for Confluence Server from version 3.0 ("the app") installed in Atlassian Jira or Atlassian Confluence, respectively ("the platform application")

Stored data

Per-user S/MIME certificates and PGP keys

The app stores the users' personal public S/MIME certificate and/or public PGP key in their user profile. Since only the public certificate or key is required and can be used, no special precautions need to be taken to protect these data.

Server private S/MIME and PGP keys

The app needs to retrieve the server's private S/MIME and/or PGP keys in order to decrypt or sign emails. The private keys are read from a password protected keystore. In order to retrieve the server's private S/MIME and/or PGP keys from the keystore, the app must use a password. The apps stores an encrypted version of the password in the system properties of the platform application. The platform application usually stores these properties in a database.

Since encrypted passwords should not be considered 100% secure, access to the database used for the platform application should be protected accordingly.

Email storage

The app encrypts all emails on the fly, meaning that emails are not stored by the app, neither encrypted nor unencrypted.

...

Note
titleLogfiles

Email contents is not normally logged, but while you have set the loglevel to DEBUG or TRACE, be aware that such data may be written to your logfiles.

Encryption

Encryption safety

Although the app performs the encryption of the email, the encryption strength partly depends on the algorithm and the certificate key length used for encryption. For details about the encryption algorithms and Java limitations, please see Java Cryptography Support.

Info
titleRestrictions

Due to the nature of email encryption, please note that this method can currently only provide encryption of the message body. The message meta data, like sender and recipient always remain unencrypted which is just like with a real-world package sent out via some postal service. However, you should be aware that also the message subject is always sent unencrypted. This warning applies to both, S/MIME and PGP.

We know that there are proposals and even implementations that can encrypt headers as well. However, as the client support is not very good or even non-existing yet, S/Notify does not currently support such extensions.

Data access

Data access is managed by the platform application's user access rights management. Unless configured otherwise, usually

  • the end user can access his/her own per-user configuration settings only
  • administrative users can access the global configuration configuration settings, as well as each user's configuration settings

Data safety

Data stored by the app is covered by the platform application's standard backup mechanisms.

Privacy

The app does not collect any user data, let alone share them with anyone outside your platform application instance.

...