I’m always concerned about external links and the security risk the expose.
I wonder if an option when setting them up to set an expiry date, or more likely an admin setting to force an external link to expire after x days would be possible?
This would mean that while the security risk still applies while the link is active, a member of staff that left months ago can’t get indefinite access to data.
Would be good then for Admin to run a report of external links and the expiry dates and status of a link and in that screen expire or refresh one or multiple links. Refreshing would create a new link.
3 Likes
Great idea, when we are at the prototype phase we use the URL option to let the senior stakeholders (who are not a Phocas user yet) review how we are doing. We already have had this issue crop up, where a URL has gone un-spotted for a while. An expiry date would be a great way to close this security exposure.
Thanks both for your suggestion. An expiry was discussed many times during the implementation of this feature, and we ultimately decided to proceed without it. Instead we made it easy to turn off external links, obvious when they are active, and disabled them when something important like relevant restrictions were adjusted.
Having said that, it is obviously a good suggestion, and it has been logged in our system for potential future inclusion.
Do you see users setting individual expiry dates for each external link? Or a global setting that applies to all external links across the organisation?
In my view I think it should be an administrator setting where:
a) The administrator can see one list of all links created (can filter for active/expired) and he can terminate them one by one without having to go to the actual source report
b) The expiry date could be set when creating the link, e.g. expire after 7 days, 2 weeks, 1 month or ultimately “No Expiry” - however if the Administrator can set a “Maximum Period” that will restrict what the issuer can set that would be good too.
1 Like
OK thanks @StuartH.
Although there is no expiry at present, the administrator can view all active links and terminate them individually or in bulk.
