Fax viewing security in inbox


Post by kemathy » Fri May 23, 2014 9:35 am

Hello there,

We've been running some ICTFax tests for a few days now, and we noticed that the inbox directory (http://XXX.XXX.XXX.XXX/ictfax/sites/def ... nbox/7.pdf), containing all the PDF and TIFF files, is easily accessible from any web browser, without having to authenticate (admitting that the browser's public IP is allowed in the server's firewall).

So, my question is: is there a way to protect this access, not only with an .htaccess file, but to make the file accessible only from the inbox fax webpage, and only for the user who has received or sent the fax?

If someone has an idea...?!

Thanks

Kevin
kemathy
 
Posts: 3
Joined: Wed May 21, 2014 9:42 am

Re: Fax viewing security in inbox

Post by falak » Fri May 23, 2014 12:11 pm

There are many possible solutions to allow only the intended user to access their fax documents. For example, you can set an unguessable name for your fax file, such as a hash (e.g. a hash generated from a combination of username and fax-id) instead of a simple fax-id, and then disallow directory listing from htaccess. This will only allow the intended user to access the fax document.

You can also make a custom PHP file that will only send the header and then echo the contents of the fax file. This approach will allow you to place your fax documents in a private directory on the server instead of a public folder.

None of these approaches is currently present in ICTFAX. Maybe in future versions, hash-generated file names can be used for fax documents for security purposes.
falak
Site Admin
 
Posts: 166
Joined: Tue Jan 17, 2012 7:33 am
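
A sketch of the "custom PHP file" approach described in the reply above, added here as an illustration; it is not ICTFax code and not part of either post. It assumes the fax files have been moved out of the web root, that the login code stores the user id in `$_SESSION['uid']`, and that a table `fax_inbox(fax_id, owner_uid, file_name)` records who sent or received each fax; the path, table, column and credential names are all hypothetical.

```php
<?php
// fax_download.php: added illustration, not ICTFax code.
// Hypothetical names: FAX_DIR, $_SESSION['uid'], table fax_inbox, DB user fax_ro.
declare(strict_types=1);

const FAX_DIR = '/var/spool/ictfax-private';   // assumed location outside the web root
const MIME = ['pdf' => 'application/pdf', 'tif' => 'image/tiff', 'tiff' => 'image/tiff'];

function deny(int $code): void {
    http_response_code($code);
    exit;
}

session_start();
if (empty($_SESSION['uid'])) {
    deny(403);                                  // no authenticated session
}

// Accept only a numeric fax id; never take a file path from the request.
$faxId = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT);
if ($faxId === null || $faxId === false) {
    deny(400);
}

// Ownership check: the row must belong to the logged-in user.
$pdo = new PDO('mysql:host=localhost;dbname=ictfax', 'fax_ro', getenv('FAX_DB_PASS') ?: '');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$stmt = $pdo->prepare('SELECT file_name FROM fax_inbox WHERE fax_id = ? AND owner_uid = ?');
$stmt->execute([$faxId, $_SESSION['uid']]);
$fileName = $stmt->fetchColumn();
if ($fileName === false) {
    deny(404);                                  // same answer for "missing" and "not yours"
}

// Resolve the path and confirm it is still inside FAX_DIR.
$path = realpath(FAX_DIR . '/' . basename((string) $fileName));
$ext  = strtolower(pathinfo((string) $path, PATHINFO_EXTENSION));
if ($path === false || strpos($path, FAX_DIR . '/') !== 0 || !isset(MIME[$ext])) {
    deny(404);
}

// "Send header and then echo contents of the fax file."
header('Content-Type: ' . MIME[$ext]);
header('Content-Length: ' . filesize($path));
header('Content-Disposition: inline; filename="fax-' . $faxId . '.' . $ext . '"');
header('Cache-Control: private, no-store');
header('X-Content-Type-Options: nosniff');
readfile($path);
```

The inbox page would then link to `fax_download.php?id=7` rather than to the PDF itself, and the old public inbox directory should no longer contain the files.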

