Encrypted URL: Return URL should not be allowed to be changed.
When using URL's for integration purposes, it should never be allowed that the user can change values in the return URL and get an answer from DocuWare. (When Username/Password or Token is inside the encrypted URL, this is already working! However, when the users log in with DocuWare credentials or uses SSO the return URL can be changed! In my opinion this is a possible data leak.
4
votes
Harry van der Meulen
shared this idea
-
Arnoud van der Schrier commented
This change will prevent a possible data breach!
-
John van der Wulp commented
Seems more like an serious issue 🧐
-
Harry van der Meulen commented
If for some reason a customer wants the old behaviour, make a checkbox to allow changes on the URL ..