    Inline image security with forwarded emails
    Topic posted November 7, 2019 by Owen Stone, tagged Email
    Summary:
    How to secure inline images
    Content:

    We've had this come up as a potential issue with one of our customers. They're often sent sensitive data as inline images in an email, which Service Cloud makes accessible via the *site*/ci/inlineImage/get URL when it's forwarded out via a rule. Their issue is that this folder is entirely unsecured: if you know (or can work out) the URL, you can access these images without the need for any kind of authorisation, and as far as we can tell, nothing is ever cleared from it and the address is static.

    We could switch the visual email functionality off so these are just stored as attachments and can only be accessed by logging in, but that obviously isn't great for usability. Does anyone have any ideas on how to either make this more secure, or a way to clear out these inline images on a regular basis?

    Version:
    19B

    Comment


    • Cosimo Galasso

      In the Visual Email editor of the Agent Desktop there are 3 ways of inserting images:

      1. Copy and Paste images
      2. Image by URL
      3. Upload an image

      Do not use inline images, since these are saved against your Customer Portal /ci/inlineImage/get/(identifier).

      You should try the second method and insert an image by URL, hosting the image on a secure server.

      Alternatively, you could use the incident file attachments (the little clipboard); incident file attachments are saved against your Customer Portal /ci/fattach/get/(identifier) and they require the contact to be logged in to the CP in order to be accessed.

      CG
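
One way to see which forwarded messages are affected, as an added example that is not part of the original thread or of the product: the script below parses a raw outgoing email and labels every link to the two Customer Portal paths named above. It assumes you can obtain a copy of the outgoing message (for example from a mail gateway); the sample message, host names and identifiers are constructed placeholders.

```python
import email
import re
from email import policy
from html.parser import HTMLParser

# Paths quoted in the thread; the labels restate what the posters report.
RULES = [
    (re.compile(r"/ci/inlineImage/get/", re.I), "no-login"),
    (re.compile(r"/ci/fattach/get/", re.I), "login-required"),
]

class LinkCollector(HTMLParser):
    """Collects <img src> and <a href> values from an HTML body."""
    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        wanted = {"img": "src", "a": "href"}.get(tag)
        value = dict(attrs).get(wanted) if wanted else None
        if value:
            self.urls.append(value)

def audit_message(raw: bytes):
    """Return (label, url) for each Customer Portal file link in HTML parts."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        collector = LinkCollector()
        collector.feed(part.get_content())
        for url in collector.urls:
            findings += [(lbl, url) for pat, lbl in RULES if pat.search(url)]
    return findings

# Constructed sample message; hosts and identifiers are placeholders.
SAMPLE = b"""\
From: agent@example.test
To: partner@example.test
Subject: Fwd: documents
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><img src="https://site.example.test/ci/inlineImage/get/PLACEHOLDER_ID">
<a href="https://site.example.test/ci/fattach/get/PLACEHOLDER_ID">file</a>
<img src="https://cdn.example.test/logo.png"></body></html>
"""
```

Messages that produce a `no-login` finding are the ones to hold back or convert to incident file attachments before they leave the organisation.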