Hi Jared I heard you are the expert on Weblink have a question from a client about weblink 9.x and the bread crumb path.

We have ran into an issue of potential unwanted disclosure of confidential information through the breadcrumb path in Laserfiche Weblink. Our current practice is to create shortcuts in the Weblink folder structure to documents in our internal working folder structure for public access. Hopefully, the following screen captures will help explaining the issue a bit more:

• Recently, we have noticed that if a person navigates to the document shortcuts, the breadcrumb path is shown at the top of the navigation page.

• Documents are folders in Weblink is referenced by Entry ID.

• If the person randomly changes the Entry ID in the URL, he/she could potentially hit other documents and folders in our internal working folder structure.

• Although access right prevents the person from opening any documents he/she does not have access to, the breadcrumb path shows where the document lives in our internal folder structure. Due to the way folders are named in certain areas of our folder structure, there’s the potential of disclosing confidential information through the breadcrumb path.

Please advise on solutions to remediate any unwanted consequences.