A two stage registration process: - User fills out registration form and gets an mail with a e-mail address verification link. - If E-Mail verification is successful, Administrator gets a notification mail and has to accept or deny the request - User gets a deny notification or a acceptance mail.
John Flanagan January 21, 2013 16:44 this is important. Currently an internal user can send data to any external person. We want to restrict this to registered and validated users. Johan Allard January 21, 2013 19:59 You don't have to enable registration of users. You can setup all your users manually if you want more granular control over who gets access. If you use LDAP authentioation you can limit access to the system to specific groups. In terms of sending to any external user - yes, LiquidFiles is built like an extension to your email system. Is there currently a limit in your mail system who your use can send emails to? In almost all cases the answer is no, and LiquidFiles follows this convention and allows local users to send to anyone, and external users to send to local users. Same as what's already allowed in the mail server. John Flanagan January 22, 2013 08:13 Hi Johan, Hi have user registration switched off but it is still possible for an internal user to send a large file to a unapproved external user. When the external user receives the mail they can then register themselves and and collect the data. I don't think this was possible in my previous version, 1.8. In liquid files it is possible to send very large quantities fo confidential company information to an external recipient, in our mail system file size is restricted to 10Mb. For this reason managing security is very important. Regards, John. Johan Allard January 22, 2013 09:08 LiquidFiles, and the Filetransfer appliance before that, has never had any restrictions on who local users can send files to. With you email system, nothing is preventing a user wanting to do the wrong thing from splitting data in 10Mb blocks (WinRAR for instance will do this for you) and sending any amount of data through your email system. And there's no validation and no proper logging of what's going on. Anyway - this request is not about authorization of recipients. It's about authorization of senders. And authorization of senders is better done with LDAP groups. John Flanagan January 22, 2013 12:01 Hi Johan Everything you say is completely correct. We will never be able to stop people with a little knowledge who want to abuse the system, but we can stop the average user and make it more difficult for the advanced user who wants to misuse our tools. Regards, John. Johan Allard January 22, 2013 21:15 Hi John, Well, the rough formula is: number of votes ----------------------- = likelyhood of implementation effort to implement Provided that the feature makes sense for the product of course. LiquidFiles is not likely to include say a blog regardless of number of votes. Johan Allard May 14, 2013 22:32 Version 2.3 has added a feature that limits the ability for certain groups of users to send files to only listed email domains so this takes care of the problem behind the feature request. One of the key architectural decisions with LiquidFiles is that it's supposed to be self administrating as far as possible, so there won't be a feature where an admin must approve all outgoing messages.