/build/static/layout/Breadcrumb_cap_w.png

Secure Attachments in Service Desk Feature - If I turn this off, will anyone be able to access attachments to tickets they didn't submit?

I would like to be able to access attachments from email and possibly just sending links out to people. Currently that doesn't work due to the Security Setting - Secure Attachments in Service Desk which is enabled. This option needs to be turned off if you need your attachment files to be accessible outside the Tickets page. (For example via email link, etc..) 

I'm just wondering exactly what this will do. Will anyone be able to click the link even if they are unaffiliated with the ticket? Is this a bad idea because of some huge security risk that I'm unaware of? 


0 Comments   [ + ] Show comments

Answers (1)

Posted by: Nico_K 8 months ago
Red Belt
0

if it is unchecked the link to the attachment can be reached and opened from anyone with the link outside of the KACE.
This can be used if you are working with 3rd parties and you dont want to give them access to the appliance itself but to the attachments. 

It is a bad idea since this allows ANYONE with the link to read the attachments even if they should never see it (think of dev documents which can be accessed from the guy you fired because he sold to a competitor) 
Best practices is having it checked but yif you need it differently you can uncheck it.


Comments:
  • Thanks for the response. If unchecked, is the url still the combination of file name and checksum? - caitlynmcorey 8 months ago
    • yes, but then you can reach it without being logged in into the KACE. - Nico_K 8 months ago

Don't be a Stranger!

Sign up today to participate, stay informed, earn points and establish a reputation for yourself!

Sign up! or login

Share

 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ