UVdesk
    • Register
    • Login
    • Search
    • Recent

    Solved Uvdesk and attachments security

    Technical Help
    1
    1
    131
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • peopleinside
      peopleinside community specialist mod last edited by

      Hi,
      some months ago I suggested to add attachments protection feature as in OsTicket
      https://github.com/uvdesk/community-skeleton/issues/270

      Today I see the defaults robot.txt file is placed under the main root folder of UvDesk and not in the public folder.
      In my installation for make UVdesk work my domain is pouting directly to the public folder so, if like me other users will setup UVdesk in this way I suppose search engines will be able to crawl and index attachments... also if someone want scan attachments maybe is sufficient create an engine that never read robot.txt files.

      The robot.txt file should be present in the public folder not outside of the public folder and in future the attachment should be accessible only to users of ticket and operator that are following the ticket for security.

      In OsTicket with a check box user can choose if enable this or not.
      The attachment of the public Knowledgebase should be not affected.

      šŸ’¬ You can also ask help on GitHub Discussions
      šŸŸ  I may be no more active as before in this community as announced here

      1 Reply Last reply Reply Quote 0
      • First post
        Last post