Secure Attachments in Service Desk Feature - If I turn this off, will anyone be able to access attachments to tickets they didn't submit?
I would like to be able to access attachments from email and possibly just sending links out to people. Currently that doesn't work due to the Security Setting - Secure Attachments in Service Desk which is enabled. This option needs to be turned off if you need your attachment files to be accessible outside the Tickets page. (For example via email link, etc..)
I'm just wondering exactly what this will do. Will anyone be able to click the link even if they are unaffiliated with the ticket? Is this a bad idea because of some huge security risk that I'm unaware of?
Answers (1)
if it is unchecked the link to the attachment can be reached and opened from anyone with the link outside of the KACE.
This can be used if you are working with 3rd parties and you dont want to give them access to the appliance itself but to the attachments.
It is a bad idea since this allows ANYONE with the link to read the attachments even if they should never see it (think of dev documents which can be accessed from the guy you fired because he sold to a competitor)
Best practices is having it checked but yif you need it differently you can uncheck it.
Comments:
-
Thanks for the response. If unchecked, is the url still the combination of file name and checksum? - caitlynmcorey 3 years ago
-
yes, but then you can reach it without being logged in into the KACE. - Nico_K 3 years ago