Question

weblink can you disable the e-mail link button

Laserfiche Version 8 WebLink

Updated April 23, 2014

asked on April 22, 2014

I created a specific Laserfiche Account to allow access to certain documents from kiosk computer's here at City Hall that user's should not be able to access from home.

Steps I took was 1st. I created a new DBID in weblink to random number that would be hidden from the user. Found out that when the use the e-mail link button from the TIFF viewer it allows them to view the documents from home.

Is there a way to disable the e-mail link function from a particular user not the whole system?

Weblink 8.3.1

0 0

Answer

SELECTED ANSWER

replied on April 22, 2014

Then the only way that you will be able to do what you're after, and still be totally secure, is to create another instance of WebLink. That's our standard practice for securing WebLink. We probably have half a dozen different instances running at any given time. There are some department specific instances, a kiosk instance, an ERP integration instance, and an internet facing instance. That way, we have very tight control over what each instance can and can't do.

"Security by obscurity" is a dangerous game when sensitive data is concerned.

2 0

Replies

replied on April 22, 2014

Does that user need to export at all? If not, you can just remove their export rights, which includes the ability to email.

0 0

replied on April 22, 2014

Generate PDF part of the Export rights?

0 0

replied on April 22, 2014

There is a Print (PDF) button that allows a user to export a PDF. This can be disabled by removing the export rights for the specific user in Laserfiche, as Brian said.

The browser itself, has a URL that can be copied and e-mailed. To prevent a user from accessing this you would need to use something outside of Laserfiche to force the browser not to show the URL bar.

If the goal is to ensure that records can't be viewed from home. You could (1) block all traffic to Weblink to internal workstations, i.e. the Kiosk. Or (2), you could change the authentication method in IIS for the new DBID you created, such that only internal users could access it. There are likely some other options, but these would be my first choices.

0 0

View 4 previous replies

replied on April 22, 2014

Option 1 is the best. Everything else is just obfuscation, and that's bound to come back and bite you.

0 0

replied on April 22, 2014

I'm able to hide the URL bar by changing the IE toolbar settings. WHen I turn off the export feature it doesn't remove the e-mail icon.

e-mail.png (15.32 KB)

| Download

0 0

replied on April 22, 2014

Have you disabled the email functionality in the WebLink Administration utility?

0 0

replied on April 22, 2014

Devin. No

If I disable that function will turn it off for all public user's. I have 2 public users that we are using.

User 1 needs to be able to us the e-mail function.

user 2 needs it to be disabled.

0 0

SELECTED ANSWER

replied on April 22, 2014

"Security by obscurity" is a dangerous game when sensitive data is concerned.

2 0

replied on April 22, 2014

That makes sense. Thanks Devin for the good information.

0 0

replied on April 23, 2014

Hi Ivan,

It looks like you have a number of good answers to your question! If one provided the answer you needed, please click the “This answered my question" button.

If you still need assistance with this matter, just update this thread. Thanks!

0 0

You are not allowed to follow up in this post.

Question

Question

weblink can you disable the e-mail link button

Answer

Replies

Sign in to reply to this post.