IT Security of Helpdesk and PDF attachments

  • Lorenzo
  • Topic Author
  • Offline
  • Senior Member
  • Senior Member
More
2 years 3 months ago - 2 years 3 months ago #148353 by Lorenzo
Dear Tuan, I'm testing the Demo Helpdesk online and have a presale question.
I'm concerned of the privacy and security of the component, therefore I created a topic here  joomdonationdemo.com/helpdeskpro/index.p...?view=ticket&id=3362 and after logging out I no longer can reach the ticket. And that is very good because a user must login to read his own tickets.

What is not good is that the Ticket attachments are public and you do not need to login to access them, so robots could guess or find attachment of our customers. Here's my test link:  joomdonationdemo.com/helpdeskpro/index.p...ilename=test-pdf.pdf  
Is this right? Is there a way to force a login?

I also see that attached pictures are nicely opened in a popup but PDFs are downloaded. Is there a way to open them in the browser?

Kind regards
Last edit: 2 years 3 months ago by Lorenzo.

Please Log in or Create an account to join the conversation.

More
2 years 3 months ago #148357 by Tuan Pham Ngoc
Replied by Tuan Pham Ngoc on topic IT Security of Helpdesk and PDF attachments
Hello Lorenzo

Yes. You are right. The attachments should be protected better. I will work on it and improve it soon

Tuan

Please Log in or Create an account to join the conversation.

Moderators: Tuan Pham Ngoc