Skip to end of banner
Go to start of banner

Security Considerations

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 4 Next »

This article shall help you if you have questions concerning security while planning to use the SharePoint Connector.

Scenarios

First a general note: There is no code from SharePoint (Online) executed on the Confluence server (or the other way around), as all the integration happens in the browser. So the only attacks are possible via client side (browser) scripts.

The content embedded from SharePoint in Confluence might contain malicious scripts which could harm Confluence (or the other way around)

The embedded content is either

  1. fetched via the SharePoint/Confluence REST API and rendered by our app, escaping any data received and thus preventing XSS attacks
  2. or via iframe and thus cannot access the surrounding page

Thus, there should be no threat regarding that point.


Confluence can be attacked by an attacker via SharePoint because content from Confluence is embedded in SharePoint (or the other way around)

If an attacker can deploy malicious code to either Confluence or SharePoint, he could indeed attack the other instance by using the account of the user which currently browses Confluence or SharePoint. In order to do that, the attacker needs to be able to either

  1. leverage an exploit in SharePoint or Confluence
  2. or deploy an app to SharePoint or Confluence

There is not much you could do about 1. other than always have a patched version of SharePoint and Confluence.


To mitigate 2., you should ensure that you can trust everyone permitted to install apps or embed HTML/custom JavaScript to SharePoint or Confluence.


For details about SharePoint see


For details about Confluence see


Filter by label

There are no items with the selected labels at this time.

  • No labels