[ZendTo] {Disarmed} Re: Antwort: Re: data leakage prevention

Joerg Streibhardt eljoest+lists at googlemail.com
Fri Mar 2 09:46:26 GMT 2012


Hi Patrick,

glad this would help. Please keep in mind that merely removing the button
from the template will not prevent someone from accessing the direct link
and create a dropoff. To prevent this you'd need to change the respective
code that accepts the dropoff.

Cheers
Jörg

On Fri, Mar 2, 2012 at 10:27 AM, <patrick.gaikowski at kaufland.com> wrote:

> Hi Jules,
>
> you got it!
>
> But if i'm commenting out the lines, it wouldn't be possible from outside
> to make a Drop-Off without authorization, right?
> This would not be our aim.
>
> Your Item 2 would be the better solution, because i can limit it to our
> company subnets. From outside it should be definitly possible to make an
> "unauthorized" Drop-Off, because this is the main aim of that solution :-)
>
> Mit freundlichen Grüßen / Best regards
>
> Patrick Gaikowski
> Tel:     +49 7132 94 3568
> Fax:    +49 7132 94 73568
> E-Mail: patrick.gaikowski at kaufland.com
> KI 967850: IT International / IT Governance / Netzwerk Design und
> IT-Sicherheit
> Office:
> Lindichstrasse 11
> D-74189 Weinsberg
>
>
>
> http://www.kaufland.de
> http://www.spannende-it.de
> Wir sind die Nr. 1:
> Kaufland ist "Bester Lebensmittelmarkt 2011"!
>
> Kaufland Informationssysteme GmbH & Co. KG
> Postfach 12 53 - 74149 Neckarsulm
> Kommanditgesellschaft
> Sitz: Neckarsulm
> Registergericht: Stuttgart HRA 104163
>
>
>
>
>
>
>    [image: Inactive hide details for Jules ---02.03.2012 10:18:03---Jules
>    <Jules at zend.to>]Jules ---02.03.2012 10:18:03---Jules <Jules at zend.to>
>
>
>    *Jules <Jules at zend.to>*
>    Gesendet von: zendto-bounces at zend.to
>
>    02.03.2012 10:13
>     Bitte antworten an
>       ZendTo Users <zendto at zend.to>
>
>
>
>
> ZendTo Users <zendto at zend.to>
>
>
> Thema
>
> [ZendTo] Re: data leakage prevention
>
> Sorry for the change in Subject line, I think you posted from the wrong
> address by accident.
>
> So you want 2 things:
> 1) Locally connecting users must log in
> 2) No drop-offs for users who aren't logged in.
>
> Item 2 (which is what I think you describe below) you can implement
> right now yourself by editing /opt/zendto/templates/main_menu.tpl.
>
> What you need to do is remove the "Dropoff" button from the section of
> page that is displayed when a user has is not authorised. In my latest
> version of that file, it's lines 58-61. Just comment out those lines and
> users who have not logged in won't be able to access the "Drop-off"
> button in the menu. Once you're sure you've got it right, delete those
> lines instead of commenting them out.
>
> Given that you can do item 2 yourself, do you still need item 1?
>
> Jules.
>
> On 02/03/2012 08:48, zendto-owner at zend.to wrote:
> >
> > Hi Jules,
> >
> > we do not need/want anonymous users to upload files without prior
> > contact. If a file is required, our contact will send out a request to
> > the user. We try to maintain a single contact address for most
> > requests to cope with absent contacts.
> >
> > Cheers
> > Jörg
> >
>
> Jules
>
> --
> Julian Field MEng CITP CEng
> www.Zend.To
>
> Follow me at twitter.com/JulesFM
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
> 'It's okay to live without all the answers' - Charlie Eppes, 2011
> 'All programs have a desire to be useful' - Tron, 1982
> 'That is the land of lost content,
>  I see it shining plain,
>  The happy highways where I went,
>  And cannot come again.' - A.E. Houseman
>
>
> _______________________________________________
> ZendTo mailing list
> ZendTo at zend.to
> http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto
>
>
> _______________________________________________
> ZendTo mailing list
> ZendTo at zend.to
> http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ecs.soton.ac.uk/pipermail/zendto/attachments/20120302/bbcd1704/attachment-0001.html 


More information about the ZendTo mailing list