Tickets Private Fields for sensitive data.

Alpha1

Member
Tickets need private fields, so that users can provide sensitive details like passwords, payment transaction details, etc.
These private fields should be protected against unauthorized access and hacking. Here is how this can be done:
  • Encrypt the contents of these fields instead of storing in plain text.
  • Delete the content of these fields after X days.
  • Moderator permission to access private fields.

This feature is needed by various people.
 
Thinking about it some more, categories can already have specific email addresses assigned to them that can receive notifications when new tickets are created. I'm currently thinking of including it within this email as it wouldn't (and shouldn't) be stored in the database, etc.
 
On encrypted ticket fields:

I have asked @pegasus for feedback.
 
On encrypted ticket fields:

I have asked @pegasus for feedback.
Cool, thanks. I’m mostly interested in how others handle decryption key transfer. Xon also has some good ideas on how to make it as easy as possible so I think we’ll see this sooner rather than later... finally.
 
Here are some thoughts on the matter submitted by Pegasus (Vaultwiki):
Pegasus said:
- The decryption key should not be sent to staff over an unencrypted transmission like email.
- Encrypted fields should ideally be just as strong as your SSL certificate encryption.
- For certain compliance, like PCI, it may be necessary to store encrypted data and decryption keys on separate machines (servers). Because of this, you may want to use an AWS bucket or something like that, where NixFifty is only granted write access (to write the keys) and staff members have read access, to look up keys.
- Key lookup should not rely on a staff member's password. That is, being logged in to the forum should not automatically let them find keys.
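One way to model the layout Pegasus describes above, as an added example that is not code from the thread or from the add-on: each private field gets its own AES-256-GCM key, the key goes to a store the forum only writes to, lookup needs a credential separate from the forum login, and pruning after X days deletes the key. `KeyStore`, `sealField`, `openField` and the in-memory map standing in for the separate server are assumptions.

```javascript
// Added example; KeyStore, sealField and openField are hypothetical names.
const nodeCrypto = require('node:crypto');

// Stand-in for key storage on a separate machine: the forum only calls put(),
// staff call get() with a credential that is not their forum login.
class KeyStore {
  constructor(readToken) { this.readToken = readToken; this.keys = new Map(); }
  put(keyId, key, createdAt) { this.keys.set(keyId, { key, createdAt }); }
  get(keyId, token) {
    const a = Buffer.from(String(token)), b = Buffer.from(this.readToken);
    if (a.length !== b.length || !nodeCrypto.timingSafeEqual(a, b)) {
      throw new Error('key lookup denied');
    }
    const entry = this.keys.get(keyId);
    if (!entry) throw new Error('key pruned or unknown');
    return entry.key;
  }
  // Drop keys older than maxAgeDays; their ciphertext can no longer be read.
  prune(now, maxAgeDays) {
    let removed = 0;
    for (const [id, { createdAt }] of this.keys) {
      if (now - createdAt > maxAgeDays * 86400000) { this.keys.delete(id); removed++; }
    }
    return removed;
  }
}

// Encrypt one field under a fresh key. Only the returned record is stored in
// the forum database; the key itself is handed to the separate store.
function sealField(store, ticketId, fieldName, plaintext, now = Date.now()) {
  const key = nodeCrypto.randomBytes(32), iv = nodeCrypto.randomBytes(12);
  const keyId = nodeCrypto.randomUUID();
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(`${ticketId}:${fieldName}`)); // bind to ticket + field
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  store.put(keyId, key, now);
  return { ticketId, fieldName, keyId, iv, ct, tag: cipher.getAuthTag() };
}

// Decrypt for a staff member; throws if the token is wrong, the key was
// pruned, or the record was altered or moved to another ticket or field.
function openField(store, record, token) {
  const key = store.get(record.keyId, token);
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, record.iv);
  d.setAAD(Buffer.from(`${record.ticketId}:${record.fieldName}`));
  d.setAuthTag(record.tag);
  return Buffer.concat([d.update(record.ct), d.final()]).toString('utf8');
}
```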
 
This one is becoming quite urgent. We frequently get sensitive and personal information in tickets which falls under the GDPR. If we would ever get hacked and the ticket contents leak then this would not only be a disaster in itself, but we would also be liable for millions in fines. That would simply be the end of any website in such a situation.

To avoid this we really need encrypted fields (text & file upload) that automatically clear out after X amount of time.
Please prioritize this. It's a suggestion from 2016 that was supposed to get implemented 'sooner than later'.

Can you confirm that this will be implemented within the near future? (several months)
 
Field pruning is in the next version. As for encryption, that should follow soon after.
 