Securing sensitive customer attachments

Have more questions? Submit a request

2 Comments

  • Stuart Buddrige
    Comment actions Permalink

    I believe there may be an issue with the security of Zendesk attachments.

    I have the 'Include attachments in emails' checkbox selected and the 'Require authentication to download' disabled.

    If I navigate to the Help Centre and view an attachment in one of my tickets, I can see the attachment as expected. However, if I copy the attachment link to another person, they can also see the attachment without any need to sign in to the Help Centre, or indeed have a Zendesk account at all.

    Is this expected behaviour? 

    I would've thought this attachment wouldn't be accessible to anyone else?

    Thanks,

    Stuart

    0
  • Brett - Community Manager
    Comment actions Permalink

    Hi Stuart,

    If you're copying the attachment over to another user and you don't have Require authentication to download enabled then this is most likely expected behavior. If you were to enable Require authentication to download enabled then the user you're copying the attachment over to would need to sign into your Help Center to access the attachment.

    This is actually why we encourage users to enable this feature as in some cases an attachment may get unintentionally forwarded to a user that should not have access to that information. With the feature disabled they would be able to view the attachment without logging into your Help Center.

    Let me know if you have any other questions for me.

    Cheers!

    0

Please sign in to leave a comment.

Powered by Zendesk