This article shall help you if you have questions concerning security while planning to use the SharePoint Online Connector.
Scenarios
First a general note: There is no code from SharePoint (Online) executed on the Confluence server (or the other way around), as all the integration happens in the browser. So the only attacks are possible via client side (browser) scripts.
...
- information regarding apps: https://docs.microsoft.com/sharepoint/extend-and-develop
- Information regarding custom JavaScript: Pay close attention to the "custom scripts" feature, as this allows any user in SharePoint to deploy arbitrary scripts: https://docs.microsoft.com/de-de/sharepoint/allow-or-prevent-custom-script
- However, if you do not need the ability to embed content into SharePoint, there is a way to completely deactivate that part of our app and with that all the threats listed here. This can be achieved by deactivating the "SharePoint Online Connector for Confluence Add-In Extensions" app which is bundled with the SharePoint Online Connector for Confluence.
For details about Confluence see
- information regarding apps: https://confluence.atlassian.com/cloud/marketplace-apps-873871382.html
- Information regarding custom JavaScript: Pay also close attention to the HTML macro, as it can allow any user in Confluence to deploy arbitrary scripts: https://confluence.atlassian.com/doc/html-macro-38273085.html
| Info |
|---|
We have also published a high-level overview over data security for the SharePoint Connector for Confluence in this blog post. |
Related Articles
| Filter by label (Content by label) | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
...