HelpSpot Help Desk Software | HelpSpot Blog | HelpSpot Support

Document Security Questions


#1

The documents we attach to our internal KB areas can sometimes contain sensitive information that needs to be secure.

Before we begin uploading such documents, can you tell me what security measures are in place for these NOT being available to a casual user or Internet indexing spider, for example. How are these things stored for example? Can someone type in a URL and grab them (if they knew the URL)?

By the way - we are extremely satisfied with the system - but I guess you get that all the time.

Thanks -


#2

Hi Anthony,

Yes your documents are protected. As with any piece of software there could be exploits and such, but the documents are certainly not left in the open by the system. No exploits are known at this time and if any are found patches would be released immediately.

The documents are stored in the database so they can’t be accessed by trying the file system with things like www.yourdomain.com/helpspot/files/abc.doc because there’s no files there. Also, the files in private knowledge books can only be accessed by a logged in user. So no person simply using the portal can access the files.

So if a person or spider had the internal URL they would not be able to download the file since they are not logged in to the HelpSpot administrative area.

You can easily test this yourself. Upload a file in the a private KB. Right click the link to the file and copy it. Log out of HelpSpot. Paste the link in your address bar and try to access the file. You should be presented with the login screen. Just make sure it’s a file you’ve just uploaded and never accessed before. If you’ve already accessed it the browser may send you the cached version it has locally (especially if you’re using IE) instead of getting it from the server.

Thanks for the compliment! I still like hearing it :slight_smile: