This conversation has been locked due to inactivity. Please create a new post.

Can developers address security loopholes in proof notification links?

Level 2

I recently had the experience of a guest user gaining unauthorized access to my account when I inadvertently forwarded an internal proof notification.

Support explained the following: "From what you are saying it sounds like those users are getting your routing link through a forwarded email, and they aren't noticing that it's logging them in as you. The URL attached to those emails is linked to your credentials for that proof, so anyone who follows the link will be entered into the proof as you. There is a setting on each proof to change that behavior by requiring users to log in to the proof, that will prevent people who ended up with your personalized link from making changes as you. This will, however, prevent unlicensed users from accessing the proof. If all of your work is done internally and you don't have to have guest users, and external users access the proof then this would be the best route. If you do need external users to have access then it would be best to not forward notification emails from proof, as they contain that personalized link."

Would it be possible in a future update to close this loophole by somehow referencing IP Addresses to block this type of access to guest users?
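A simplified model of the link behaviour support describes above, added here as an example; it is not part of the original post and not Workfront's code. The token format, key, function names and addresses are constructed assumptions.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"  # constructed value for the demo, not a real key


def _sign(payload: str) -> str:
    return hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()


def make_link_token(proof_id: str, recipient: str) -> str:
    """Issue a personalized link token bound to one recipient (hypothetical format)."""
    payload = f"{proof_id}:{recipient}"
    return f"{payload}:{_sign(payload)}"


def resolve_actor(token, session_user, licensed_users, login_required):
    """Return the identity a request acts as on the proof, or None if denied."""
    try:
        proof_id, recipient, sig = token.rsplit(":", 2)
    except ValueError:
        return None  # malformed token
    expected = _sign(f"{proof_id}:{recipient}")
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return None  # tampered or forged token
    if not login_required:
        # Behaviour described by support: the link alone carries the identity,
        # so whoever opens it acts as the original recipient.
        return recipient
    # Login-required setting: the link only locates the proof and the
    # identity comes from an authenticated, licensed session.
    if session_user is None or session_user not in licensed_users:
        return None
    return session_user


def demo():
    licensed = {"owner@example.com"}                      # constructed users
    link = make_link_token("proof-123", "owner@example.com")
    return {
        # A guest opens the forwarded link with no session of their own.
        "forwarded_default": resolve_actor(link, None, licensed, False),
        "forwarded_login_required": resolve_actor(link, None, licensed, True),
        "owner_login_required": resolve_actor(link, "owner@example.com", licensed, True),
    }


if __name__ == "__main__":
    print(demo())
```

The model shows the trade-off in support's reply: without the login requirement the forwarded link acts as the owner, and with it an unlicensed guest gets no access at all.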

21 Replies

Level 2

Thanks for your insight from an agency perspective. There are situations where a designer would be in charge of a proof (freelance or sole proprietorship).

The issue Kevin and I have is not a perceived "need" to forward notifications, but a security loophole when an internal proof notification is knowingly or unknowingly forwarded to an external reviewer.