Why are project invites sent from a user email and normal notifications sent from a server account?
Can't they all be from the server account?
"The IBM CLM tools perform email spoofing (attempting to send emails on behalf of the requesting user's email) when sending team invites. This is very bad for email security because it is letting the server impersonate someone else. Should the server be compromised by a hacker, it would allow a hacker to send emails on behalf of anyone in the organization and it would be very difficult to tell they were fake."
Anyone on this forum know if this issue has been raised? Is there a Work Item open?
3 answers
The invites are caused by a person, not automatically.
As administrator I invite people to projects all the time. The server is not inviting anyone. As for work item changes, which can be automated (although from a registered worker userid), these are sent by the server, and include the originator's name and email. So, I don't see this as a problem. The server is not impersonating Sam
Sam,
Right. Ideally this would be right. Unfortunately, when one large organization collides with a third party RTC hosting company, (e.g. IBMSmartCloud), the hosting party server may not be trusted to send corporate email. Some organizations might not care, but others are sensitive to security and can't expose this as a vulnerability.
What I want is a work item for this:
Need an option in the email settings "Send team invites on behalf of the requesting user" with a default value of "False".
Elisabeth Carbone (JAZZ DEVELOPER) answered Nov 19 '12, 2:29 a.m., edited Nov 19 '12, 2:30 a.m.
Hello Carson,
There is a work item about this. See "Send team invitations from default Mail user instead of currently logged in user" (228686). /Elisabeth
Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.