I recently had the experience of a guest user gaining unauthorized access to my account when I inadvertently forwarded an internal proof notification.
Support explained the following: "From what you are saying it sounds like those users are getting your routing link through a forwarded email, and they aren't noticing that it's logging them in as you. The URL attached to those emails is linked to your credentials for that proof, so anyone who follows the link will be entered into the proof as you. There is a setting on each proof to change that behavior by requiring users to log in to the proof, that will prevent people who ended up with your personalized link from making changes as you. This will, however, prevent unlicensed users from accessing the proof. If all of your work is done internally and you don't have to have guest users, and external users access the proof then this would be the best route. If you do need external users to have access then it would be best to not forward notification emails from proof, as they contain that personalized link."
Would be possible in a future update to close this loophole by somehow referencing IP Addresses to block this type of access to guest users?
Topics help categorize Community content and increase your ability to discover relevant content.
Hey Joel,
Do you have access to the Innovation Lab to submit this as an official "idea" that other people can vote on? Also, I'll be sure to send this to the product managers over proof and see what we can do on that end as well.
Kyna
Views
Replies
Total Likes
Hi Kyna. I am new to the community and thought I had submitted to the Lab. I've just done a deeper search, and found what you refer to. I will submit it as you suggested. Thank you!
Views
Replies
Total Likes
Wonderful! I'm so glad you're here (in the Community), that you're posting (I really hope to see more questions from you over time) AND I'm glad you found the Innovation Lab. For future reference, when you submit an in idea to the Innovation Lab, it's totally okay to post about it in the community as well so others might see it in the digest emails and go and vote on your idea!
Views
Replies
Total Likes
@Kyna Baker - inactive‚, well-meaning as "put it in Innovation Lab" seems, there are too few Workfront Proof users vs. mainline Workfront users to get much traction in the Innovation Lab on Proof issues; so I don't find it to be a viable avenue for changes not directly related to Workfront.
I've received the answer @Joel Clements‚ had, and a few other variants on a theme, and they really come off as "it's working as intended, sorry" or "train your users better, sorry."
We've considered this a glaring security issue since we joined Workfront and are of the opinion this should be taken-up ASAP and not part of the wait-for-a-vote Innovation Lab (previously Idea Exchange) route. It creates a huge accountability issue and other systems of this type provide links that still require the user to log-in as themselves. Security 101 really.
Embedded credentials on a URL link may as well be the same as plaintext login, which is a much frowned-up IT practice; just to name one way to look at this…I can go on with more reasons this practice is bad for security, accountability, a paper trail in Legal/Regulatory environments.
I suggest Joel do what we did and push via their account representative as well, I think WF needs to know this isn't just an "idea," it's really a serious bug/oversight. Also feel free to mention my ticket #00235420.
Thanks for sharing your experience, Kevin.
When I first saw my decision on a proof changed, and then saw comments on a proof attributed to me which I did not make, I was quite confused. When I was told that anyone who gets hold of my personal proof link can access proofs without needing login credentials… well, I was deeply disturbed!
The latest incident resulted in mass confusion regarding proof feedback and logged decisions, and a missed deadline. Luckily this happened a longtime customer, and I didn't have to do much to repair my credibility with them.
As you said, this is a GLARING security issue.
I will also try to see if anyone at Workfront will take this issue seriously.
Cheers,
Joel
Views
Replies
Total Likes
Just got off the phone with Customer Service. The system is set up to allow guest users access without the need for credentials (because they can only store credentials for licensed users) – which means that if they get hold of a licensed user's proof notification link, the guest user can access the customer's account. The option (which isn't really a viable option) is to set proof permissions to require login to view a proof – which means only Workfront account holders could view the proof. It's a classic "Catch-22".
“There was only one catch and that was Catch-22, which specified that a concern for one's safety in the face of dangers that were real and immediate was the process of a rational mind. Orr was crazy and could be grounded. All he had to do was ask; and as soon as he did, he would no longer be crazy and would have to fly more missions. Orr would be crazy to fly more missions and sane if he didn't, but if he was sane he had to fly them. If he flew them he was crazy and didn't have to; but if he didn't want to he was sane and had to." 😆
Views
Replies
Total Likes
😱 😆 👍
@Joel Clements‚ and @Kevin Quosig‚ We have this same issue. The workaround is to train our proof creators and owners to share their proofs via the share button rather than forwarding on emails or links.
It works, but it would be very nice if they didn't have to avoid the obvious 'forward.' Happy to add my support to where ever is needed to try and get some traction on this.
Views
Replies
Total Likes
@Samantha Isin‚
Yeah, my gripe is the instant you have to "train around" a more natural behavior (forwarding), you're in for an uphill battle. My career is littered with the battlescars of the phrase "just train around it." You don't even realize you've said it two dozen times as you're configuring the product and next thing you realize that half your process is a work-around. *ugh*
My response to that is now, reflexively, "make your product more intuitive." (Or barring that, configurable.)
I have nothing against others here who love the free-for-all forwarding as a point of flexibility. I just want the option to have best practices for security. The product should have started with that premise, then made "less secure" the optional part.
I think of it in terms of a network firewall at the corporate level: you start with "lock out everything" and then decide on a case-by-case basis what to let through after examining the risk.
Views
Replies
Total Likes
We forward proof notifications pretty regularly - to reviewers who do not have a Workfront login - and have to constantly remind them NOT to use the Make Decision button. We've found forwarding the proof (mostly) works for us, except for the confusion that is caused when comments are made by someone other than who it looks like made them.
We wouldn't want to have to create a Workfront account for EVERY SINGLE proof reviewer. But ideally (for us) that forwarded notification would allow the reviewer to get into the proof and make their edits (no decision) but also require them to enter their name, email, or both just so we know who made the comments.
Unfortunately, we need more accountability than that and a bullet-proof paper trail. We also have legal and IP protections to consider.
A proof reviewer should only be allowed to access a proof as themselves so there is full accountability and no possibility of confusion who made a comment or approval. No accidents, no "do not touch that" training.
I'm all for the usual "don't take options away, add new ones" if @Heather Kulbacki‚'s needs are common. But we need strict, industry-standard security standards as an option.
Heather, You don't need to create an account for every single proof reviewer. You can invite reviewers as "guest users". Just add their email address in the Workflow when you create your proof and they will have access under their own identity without needing a paid Workfront account. This sends them a link to the proof, and any comments decisions are attributed to them. Guest users do not need a Workfront account.
However, if you enable the "Secure proofing" under proof setting, only licensed users can access a proof.
Views
Replies
Total Likes
For us, the person creating the proof and setting up the workflow doesn't know who these reviewers are that the notification gets forwarded to. We have one contact that we send the proof to and it's their responsibility to get addition comments from whoever else needs to review.
We've also tried using the "forward this proof to someone else" link and have found that has too many hoops to jump through before any additional reviewers can actually access the proof, since the proof owner needs to approve anyone added this way plus someone has to move that user to the correct stage once approved.
Ideally, for us, when someone uses the "forward this proof to someone else" link, anyone added would be added to the same stage as whoever is adding them and no one else would have to approve whoever is added before they can actually access the proof.
But I'm sure there are other organizations that would still want a project owner or proof owner to approve anyone added to a proof before access is allowed.
Views
Replies
Total Likes
Oh I read this out of order. We have the same process where the designer doesn’t know who needs to approve so he shares it only to the (worker license) manager who makes that decision and goes back into the proof and shares it with the correct people by sharing it with them in the correct part of the workflow. We find forwarding really screws things up and causes so much confusion, and also you can’t have in-proof conversations about edits. The danger with this then relies in version 2 where the designer MUST remove those new people as they are automatically populated into the sharing list. Note we don’t use automated workflows, as every proof is unique and we can’t find a way to automate that so it makes any sense, we have more exceptions than rules.
Views
Replies
Total Likes
Heather I don’t understand this. You don’t need any license to review a proof or even have to create an account for a new proofer. We send proofs to dozens of people outside our company with no problem. When you share the proof ‚Äîfrom within the proof ‚Äî the user gets added to.a user list that resides only within the Proof part of the app and so when they get the notification with the proof link it is for them and their name appears in their comments and they can approve the proof, no sharing of a log in is necessary. Maybe I’m missing some rationale why you are doing this?
Views
Replies
Total Likes
I am not an IT expert, but I would think there must be a way to utilize IP addresses to solve the security issue. When I spoke to Customer Support yesterday it was clear to me that they know this is an issue, but there is little will on their part to address it. They just say "Don't share your proof notifications with anyone".
Hi - For me personally, it doesn't make any sense for the Designer to be the one in charge of a proof if they do not know who the reviewers are. There are two options I see..
1 - The Designer still creates the proof but makes the Project Owner the proof owner (you can have different proof owners and proof creators). The Project Owner then goes in and adds the correct reviewers and manages everything else from there.
2 - For the first version, the designer uploads the file as a regular document. The project Owner then uses the new-ish Create Proof option (which allows for Basic or Advance for those using workflow templates) and they own the proof. When the designer is done creating Version 2, they can upload it to a comment on the first version and tag the Project Owner. This way, they can see if all the comments have been resolved as well as download the V2 to upload to the proof.
We have over 700 proofs a day and 13,000 and we have never needed to forward an email notification to someone. As mentioned above, you can easily add guests to your proofs just by adding their email address to it. Complicating it with IP addresses (especially in this remote working world), doesn't seem necessary to me.
Views
Replies
Total Likes
Hi Anthony - the one part of your process that I don't understand is why not upload V2 as a proof and delete all the existing people except the one who is the actual owner who can then easily use the compare tool for V1 to V2?
We also do something new that has been kind of working for certain types of projects that require quicker turnaround -- still some training of the designers to read the brief! In the brief we have a space to list who should get the V1 proof so the designer can share it correctly when they upload it. This saves about 1/2 day waiting for the manager to get to it, and moves things along a bit faster. Of course this only is for internal proofs as we wouldn't want an external person to see a proof before we have signed off internally first. Then the project manager shares it with any additional external or other stakeholders once they are ok that it is ready to be shared, or decide to wait for V2 if the edits are material or embarrassing.
Views
Replies
Total Likes
Hi Jill - The designer doesn't want to have to delete 30-something people and the project owner doesn't want to have to add them back every time. Our templates don't have people in every stage as you might not the Copy, Art, Dev, or Studio operator for the piece. (And you can't attach a template mid-flight with an empty stage). Besides, this could cause issues where someone was on Version 1 but forgotten on Version 2.
The Project Owner is just doing a quick glance to make sure all comments marked To Do are resolved and just a quick look over it. It isn't a full review. That is what Proofreading and Account are for. ;)
Views
Replies
Total Likes
I didn't know you can't add a template mid-flight. It's so interesting to me to hear how other people manage their workflows, always looking for ideas on how to do it better. We are a small group, with 4 proofs on a very busy day. 600 makes me a little nauseous.
Views
Replies
Total Likes