Tickets Private Fields for sensitive data.

NixFifty

Administrator
Staff member
Thinking about it some more, categories can already have specific email addresses assigned to them that can receive notifications when new tickets are created. I'm currently thinking of including it within this email as it wouldn't (and shouldn't) be stored in the database, etc.
 

ALfa1

Well-Known Member
On encrypted ticket fields:

I have asked @pegasus for feedback.
 

NixFifty

Administrator
Staff member
ALfa1 said:
On encrypted ticket fields:

I have asked @pegasus for feedback.

Cool, thanks. I’m mostly interested in how others handle decryption key transfer. Xon also has some good ideas on how to make it as easy as possible so I think we’ll see this sooner rather than later... finally.
 

ALfa1

Well-Known Member
Here are some thoughts on the matter submitted by Pegasus (Vaultwiki):
Pegasus said:
- The decryption key should not be sent to staff over an unencrypted transmission like email.
- Encrypted fields should ideally be just as strong as your SSL certificate encryption.
- For certain compliance, like PCI, it may be necessary to store encrypted data and decryption keys on separate machines (servers). Because of this, you may want to use an AWS bucket or something like that, where NixFifty is only granted write access (to write the keys) and staff members have read access, to look up keys.
- Key lookup should not rely on a staff member's password. That is, being logged in to the forum should not automatically let them find keys.
 

ALfa1

Well-Known Member
This one is becoming quite urgent. We frequently get sensitive and personal information in tickets which falls under the GDPR. If we ever got hacked and the ticket contents leaked, then this would not only be a disaster in itself, but we would also be liable for millions in fines. That would simply be the end of any website in such a situation.

To avoid this we really need encrypted fields (text & file upload) that automatically clear out after X amount of time.
Please prioritize this. It's a suggestion from 2016 that was supposed to get implemented 'sooner than later'.

Can you confirm that this will be implemented within the near future? (several months)
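
Added example, not part of any post in this thread and not code from the Tickets add-on: a sketch of the design Pegasus outlines (per-field keys kept apart from the ciphertext, write-only for the forum, read access gated by a credential other than the forum login) combined with the timed expiry requested in the last post. The class, function names, field ID and token are hypothetical, and an in-memory array stands in for a key store on a separate machine.

```php
<?php
final class KeyStore
{
    private array $keys = [];   // fieldId => ['key' => bytes, 'expires' => unix time]

    // Write-only capability: the only call the forum application is given.
    public function put(string $fieldId, string $key, int $ttl): void
    {
        $this->keys[$fieldId] = ['key' => $key, 'expires' => time() + $ttl];
    }

    // Read capability: needs a staff credential that is not the forum session.
    public function get(string $fieldId, string $staffToken): ?string
    {
        if (!hash_equals('constructed-staff-token', $staffToken)) {
            return null;
        }
        $entry = $this->keys[$fieldId] ?? null;
        if ($entry === null || $entry['expires'] <= time()) {
            unset($this->keys[$fieldId]);   // expired: without the key the stored ciphertext is unreadable
            return null;
        }
        return $entry['key'];
    }
}

// Forum side: the database row only ever holds nonce + ciphertext.
function encryptField(KeyStore $store, string $fieldId, string $plaintext, int $ttl): string
{
    $key = sodium_crypto_secretbox_keygen();
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $store->put($fieldId, $key, $ttl);
    return base64_encode($nonce . sodium_crypto_secretbox($plaintext, $nonce, $key));
}

// Staff side: fetch the key with the separate credential, then authenticate and decrypt.
function decryptField(KeyStore $store, string $fieldId, string $row, string $staffToken): ?string
{
    $key = $store->get($fieldId, $staffToken);
    $raw = base64_decode($row, true);
    $min = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if ($key === null || $raw === false || strlen($raw) < $min) {
        return null;
    }
    $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain = sodium_crypto_secretbox_open(substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES), $nonce, $key);
    return $plain === false ? null : $plain;
}

$store = new KeyStore();
$row = encryptField($store, 'ticket-1/field-a', 'constructed sample value', 3600);
var_dump(decryptField($store, 'ticket-1/field-a', $row, 'constructed-staff-token'));
var_dump(decryptField($store, 'ticket-1/field-a', $row, 'forum-session-cookie'));
```

In this sketch a dump of the forum database alone yields only ciphertext, and once an entry's lifetime passes the key store drops the key, so the field can no longer be decrypted even if the row is never deleted.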
 