Email file attachment security


If I email a customer using Support Ticket, and attach a document by uploading it first, that document appears to be publicly available, via /files/. , even if you’re not authenticated at all. (at least when running via bench start).

This is of course completely unworkable - that document could be sensitive.

How can I limit this?

Many thanks.

Interesting to know. Thanks for posting about this. i’ll be following the thread as it develops.

This is a limitation. Please make a github issue, we’ll come up with a solution.

1 Like

thenon post the github issue here so other’s can click over and vote for it too