Uvdesk and attachments security



  • Hi,
    some months ago I suggested to add attachments protection feature as in OsTicket
    https://github.com/uvdesk/community-skeleton/issues/270

    Today I see the defaults robot.txt file is placed under the main root folder of UvDesk and not in the public folder.
    In my installation for make UVdesk work my domain is pouting directly to the public folder so, if like me other users will setup UVdesk in this way I suppose search engines will be able to crawl and index attachments... also if someone want scan attachments maybe is sufficient create an engine that never read robot.txt files.

    The robot.txt file should be present in the public folder not outside of the public folder and in future the attachment should be accessible only to users of ticket and operator that are following the ticket for security.

    In OsTicket with a check box user can choose if enable this or not.
    The attachment of the public Knowledgebase should be not affected.


Log in to reply