Re: Security problem in notification links

Home Forum Managing Stage / Role Field Access Security problem in notification links Re: Security problem in notification links



I believe I now understand why the system sets roles based on notification URLs. Since unlicensed users can only be assigned a role based on an email address, and given that when a user opens the form the SSO module only returns the domain name, there is no way to correlate an unlicensed user to the email address assigned to the role. Instead, the role is tied to the URL in the notification.

That is fine for unlicensed users; my behavior will send that username to LDAP and return the user’s email address, which I can then compare to the email address of the current role. The problem is when the notification is intended for a licensed user, where the URL is linked to the user information as well as the role.

In our particular case, removing the World permissions is not a possibility. We need to allow both licensed and unlicensed users to access the form. We also cannot limit the system to “Domain Authentication Only” because we intend to deploy forms to users outside of the domain eventually as well.

The idea of removing the role association from the notification and adjusting permissions based solely on the domain username is a possibility, but it will take a lot of work and is impractical, given the number of permissions in this particular form.

Is there any way to disassociate the licensed user information from the link? I could also solve this problem if I can somehow determine if the SSO gateway was used. I tried to populate a field with the form URL to search against, but it always comes back as the non-SSO URL. (Perhaps you can also lend some insight as to why that is happening.)

Finally, is there anyway to change the role after the instance has been opened? (Something like: If {condition is met}, role = {new Role}, else, role = “Unspecified”)

I am currently looking into the possibility of sending a test form over.