A useful feature for our environment would be for there to be a quarrantine area, and once a file goes into quarrantine approval from an administrator would be required before a file can be released. Options for sending a message to quarrantine could be: 1) Default action (i.e. all files from all users require administrative release) 2) Based on file extenstion (e.g. zip) 3) Based on file contents (e.g. run a regex against all uploads)
Johan Allard May 14, 2013 22:35 One of the key architecural decisions with LiquidFiles is that it's supposed to be self administrating, as far as possible. There won't be a feature where an admin will have to approve every single message before sending. James Donovan March 11, 2016 18:32 Hi Johan, I understand that self-administration is a top priority for LiquidFiles, however, I don't see the problem with adding this as an optional workflow as it would be especially useful in corporate environments where employees and clients need to exchange sensitive and/or private information. It doesn't even have to be an administrative hold (in fact, I'd much prefer if it wasn't, being the only SysAdm here). It could be designed like this: when you create a group of users with the ability to upload files, you can indicate another user or group of users who are responsible for upload approvals. When a user uploads a file, an email is generated and sent to the approval user/group of users alerting them to the fact. They can then look at the recipient email address and the content of the upload and either approve or deny the request - which should be logged. If approved, the rest of the normal process is followed - an email is sent to the recipient, etc. I would imagine this scenario is a fairly common workflow in corporate environments but I reserve the right to be proven wrong. What do you think? Would you at least consider it? Johan Allard March 14, 2016 08:39 Authorisation systems are extremely hard to generalise. Almost every organisation has their own idea of what level is required to approve what. I don't discount the fact that given the option, a lot of auditors would get extremely excited and start to dream about different levels of classifications and how they could tweak things to match whatever their school of thought they subscribe to says about data classification policies matching their industry standard.... If this ever is going to make it into LiquidFiles, this request has to become very, very popular and there would also need to be consensus on exactly what would need to be implemented and how it would work. If we can't make it very simple and satisfying what most organisations want, and there has to be a lot of organisations that agree on the same implementation - it won't make it into LiquidFiles.
