Email file attachment security

thenon · November 22, 2014, 11:59pm

Hi.

If I email a customer using Support Ticket, and attach a document by uploading it first, that document appears to be publicly available, via /files/. , even if you’re not authenticated at all. (at least when running via bench start).

This is of course completely unworkable - that document could be sensitive.

How can I limit this?

Many thanks.

nostahl · November 23, 2014, 6:08am

Interesting to know. Thanks for posting about this. i’ll be following the thread as it develops.

pdvyas · November 24, 2014, 4:35am

This is a limitation. Please make a github issue, we’ll come up with a solution.

nostahl · November 25, 2014, 2:44am

thenon post the github issue here so other’s can click over and vote for it too

thenon · November 26, 2014, 10:21pm

https://github.com/frappe/frappe/issues/927