The MSI file installs a small helper, which we call the GoEdit Native Client. It lets us open the corresponding application for the attachment you selected in your browser.
- Since the browser does not support such an operation due to its sandbox, a small client-side helper is used.
- The Native Client is written in C++ and uses the official OpenSSL and Qt5 libraries.
- 3 registry keys are created, all in user space (no admin rights), to register a protocol handler for GoEdit called "goedit://".
The Native Client helps you download an attachment to your computer, open it, and upload it back to your Confluence/Jira.
Some security details:
- The Native Client only talks to your Confluence server directly. It never talks to anything else, and nothing external.
- All data the Native Client downloads (attachments) is stored on your PC/Mac only.
- The Native Client "Download MSI" is not downloaded from an external source, but directly from your Confluence (it's bundled with the plugin).
This means that GoEdit can work in:
- a complete offline environment, where neither your PC nor the Confluence server has access to the internet
Our security-sensitive customers use GoEdit in completely isolated environments. We are fully enterprise-ready for those scenarios and are focused on always providing this service for our big customers.
Automatic and administrative Installation of the helper (distribution):
- The MSI file can be used to deploy and install the GoEdit Native Client on all your PCs using GPO, so users do not have to install it manually (this is optional); see https://goedit.drupal-wiki.com/#chapter:1.1.5
Approved by Anti-Virus & Security Programs
- GoEdit has established a high reputation in the Windows safety technology "SmartScreen Application Reputation" and can be safely downloaded and installed in Windows environments.
- GoEdit has been approved by Symantec and complies with Symantec Bloodhound technology and Symantec Endpoint Protection (SEP).
- GoEdit has been reviewed by McAfee and complies with Intel Security's PUP detection policy.
Detailed Description of the Authentication Process
Phase 1 - Pre-Auth
Clicking "Edit" within Confluence/Jira starts the GoEdit client with a unique one-time authentication token generated for the session. This token is valid only for GoEdit communication, not for Confluence or Jira in general. The one-time token is used to retrieve the session cookies from a REST endpoint using POST. The token is invalidated immediately after the session cookie has been retrieved and cannot be used again. The one-time token concept makes it technically impossible to reuse the token via replay or history. All communication is secured using RSA and SSL. If SSL encryption is enabled, the communication is protected against man-in-the-middle as well as sniffing attacks.
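The redeem-once behaviour described above, written out as an added example; this is not GoEdit's or the plugin's code. The class name, the expiry for unredeemed tokens and the hashing of stored tokens are assumptions made for illustration.

```python
import hashlib
import secrets
import threading
import time


class OneTimeTokenStore:
    """Issues single-use tokens that can be exchanged once for a session cookie."""

    def __init__(self, ttl_seconds=60, clock=time.monotonic):
        self._ttl = ttl_seconds      # assumption: unredeemed tokens expire quickly
        self._clock = clock
        self._lock = threading.Lock()
        self._pending = {}           # sha256(token) -> (session_cookie, expires_at)

    @staticmethod
    def _digest(token):
        # Keep only a hash so a dump of the store does not reveal usable tokens.
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue(self, session_cookie):
        """Called when the user clicks "Edit"; the token is handed to the client."""
        token = secrets.token_urlsafe(32)    # 256 bits from the OS CSPRNG
        with self._lock:
            self._pending[self._digest(token)] = (
                session_cookie, self._clock() + self._ttl)
        return token

    def redeem(self, token):
        """Body of the POST handler: returns the cookie once, None afterwards."""
        with self._lock:
            # pop() reads and removes the entry in one critical section, so two
            # concurrent POSTs carrying the same token cannot both succeed.
            entry = self._pending.pop(self._digest(token), None)
        if entry is None:
            return None                      # unknown or already redeemed
        session_cookie, expires_at = entry
        if self._clock() > expires_at:
            return None                      # expired; the entry is already gone
        return session_cookie


if __name__ == "__main__":
    store = OneTimeTokenStore()
    t = store.issue("JSESSIONID=constructed-sample-value")  # constructed value
    print(store.redeem(t))   # first redemption yields the cookie
    print(store.redeem(t))   # replay of the same token yields None
```

Invalidating on read rather than after the response is sent is what keeps a replayed or raced request from obtaining a second cookie.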
Phase 2 - Auth / Comms
After the successful Pre-Auth, all communication is carried out via the user's regular session cookie. The advantage of using cookies is that no authentication details are disclosed within the GET URI. Also, if the user logs out, the session ends and GoEdit can no longer authenticate. Cookies are held only for the current session and only in the volatile random access memory of the GoEdit client, so when the GoEdit client is closed, all data is deleted automatically.
With the valid session cookie, the GoEdit client can now download the attachment, open the related application and, when the user saves, upload a new attachment version.
All authentication data is deleted immediately when the user saves or cancels, or on timeout.