Opened 7 years ago

Closed 7 years ago

#510 closed improvement (fixed)

Ability to show/hide the history tab for certain users

Reported by: Mario.Molih
Owned by:
Priority: minor
Milestone: 7.2.1
Component: User Interface
Version: 7.1.2
Keywords:
Cc:

Description

The history of a folder displays actions on its files/subfolders. This could be a security issue. For example: Different users are only allowed to see/access certain subfolders. Via the history of the parent folder they are now able to see existing files/subfolders they shouldn't see.

Is it possible to configure the history in a way so that users are only able to see actions on files/subfolders in the history which they are allowed to see?

Change History (6)

comment:1 Changed 7 years ago by car031

Hi, this is not a security issue since those records are read-only and there are no configurations available to exclude history elements.

comment:2 Changed 7 years ago by Mario.Molih

Maybe that was unfortunate phrasing. Here's a more precise example:

Let's say we have several customers accessing a single folder. In this folder there are subfolders for each customer. Each customer sees only folders he is allowed to see. For business reasons, that is. But if a customer takes a look into the history of the parent folder he is able to see actions performed on files/folders which he actually mustn't see. We want to avoid this.

comment:3 Changed 7 years ago by car031

But what security issue is in that? The user cannot access those folders/files from the history.

comment:4 Changed 7 years ago by Mario.Molih

I admit the term "security issue" is a bit misleading. Yes, one can't access those files/folders, but we as a company don't want our customers to see existing files/folders other than the ones they have access to, as well. Like I said, for business reasons.

So it would be nice if there were the possibility to "configure" the information displayed to our needs. I read from your first comment that's currently not possible? Maybe for a future update?

comment:5 Changed 7 years ago by car031

Well, this feature request is stored. Maybe it will be implemented in the future.

comment:6 Changed 7 years ago by car031

  • Component changed from Core to User Interface
  • Milestone set to 7.2.1
  • Resolution set to fixed
  • Status changed from new to closed
  • Summary changed from Potential security issue in folder history to Ability to show/hide the history tab for certain users
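
The disclosure discussed in this ticket, as an added example that is not part of the ticket or the product's code: a parent-folder history listed without a permission check next to a variant that drops events on objects the viewer cannot read. The ACL model (per-user sets of readable folders, not inherited), the names and the sample events are constructed assumptions; the ticket itself was closed with a show/hide option for the history tab, not with this filter.

```python
import posixpath
from dataclasses import dataclass

# Constructed sample ACL: folders each user may read (assumed NOT inherited).
ACL = {
    "customer_a": {"/shared", "/shared/customer_a"},
    "customer_b": {"/shared", "/shared/customer_b", "/shared/customer_b/archive"},
}

@dataclass(frozen=True)
class HistoryEvent:
    path: str
    action: str
    is_folder: bool = False

# Constructed sample history as recorded under the shared parent folder.
HISTORY = [
    HistoryEvent("/shared/customer_a/offer.pdf", "stored"),
    HistoryEvent("/shared/customer_b/contract.pdf", "stored"),
    HistoryEvent("/shared/customer_b/archive", "folder created", is_folder=True),
    HistoryEvent("/shared/readme.txt", "downloaded"),
]

def can_see(user, event):
    """A folder event needs read access to that folder, a file event to its parent."""
    folder = event.path if event.is_folder else posixpath.dirname(event.path)
    return folder in ACL.get(user, set())

def history_unfiltered(folder):
    """Behaviour described in the ticket: every event below the folder is listed."""
    prefix = folder.rstrip("/") + "/"
    return [e for e in HISTORY if e.path.startswith(prefix)]

def history_for(user, folder):
    """Permission-aware listing: same events, minus objects the user cannot read."""
    return [e for e in history_unfiltered(folder) if can_see(user, e)]

if __name__ == "__main__":
    for e in history_unfiltered("/shared"):
        print("unfiltered:", e.path, "-", e.action)   # names of other customers' files leak
    for e in history_for("customer_a", "/shared"):
        print("customer_a:", e.path, "-", e.action)
```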