[ZendTo] Drop-off by request only - has anyone else wanted this?
John Thurston
john.thurston at alaska.gov
Fri Feb 1 23:01:53 GMT 2013
I've been asked by one of my bosses if we can remove the uninvited drop
off feature. That is, it won't matter if you can supply an email address
and answer a captcha. The only way you can drop a file off is by
invitation with a "request code". The concern is the ability of an
arbitrary outsider to use a semi-trusted email vector for phishing attempts.
I think it is a valid attack vector, but one which would be sufficiently
slow and difficult to exploit that it doesn't concern me very much.
However, I'm here to ask if anyone else has wanted or needed to disable
this feature.
(Or, is the joke on me and there already IS a way to disable this feature?)
--
Do things because you should, not just because you can.
John Thurston 907-465-8591
John.Thurston at alaska.gov
Enterprise Technology Services
Department of Administration
State of Alaska
More information about the ZendTo
mailing list