Hi,

I have been joining this forum for about less than a week. So many important issues I got from this great forum until now. For example, why so important to keep e-mail address and ticket-id for log in to the system, whereas some member only want to use e-mail address to log in. Another important issue is why we are not strongly recommended to display Ticket-ID on thank you page after client submit a new ticket...

Thank you very much for all information that I got from member who explained about those in this forum! Now I understand about some of important issues of osTicket.. and also about any others important things related to osTicket that I cannot mention one by one here... :

I think that would be a good idea to collect those important issues and put them in one special forum category. So, anyone who has just joined to this forum can read all this important issues from one place rather than browse all threads in this forum. This will also reduce or avoid the same question asked more than once.

This is very common in a forum, moreover the amount of thread/post increase from day to day. And I think this is similar to FAQ that osTicket support need providing via this forum.

Any comment about this? Thanks.

Best regards,

Masino Sinaga

a month later

In response, if you only require an email address to login, anyone who knows your login can login, and look at everything that has been communicated between you and support. During these communications, passwords and usernames can be given out. This creates a huge security hole in the system. The same is true with putting the ticket id in the thank you page. If someone knows your email address, all they have to do is create a fake ticket with your email address and now they can log in and view your tickets. Emailing the ticket id requires that you have access to the email address and by assumption, have some right viewing tickets. Ideally, I think the real solution lies in a username/password login rather than email/ticket_id.

Thanks for your feedback, jpowers40828. Actually, I have known about the issue.

I post this request because: I want moderator (Corey or anyone else) should provide one sub-forum for put all topics contain of the important issue such as the one we are discussing here. Not only that issue, but so many issues I think should be explained so early.

Thus "the newbie" or those who have just used this osTicket System and or joined to this forum, would be ease to find this important issue by visitting this sub-forum. This will reduce the frequently asked questions.

Best regards,

Masino Sinaga

2 months later

I do not buy security issue

Hello,

I'm sorry, but I do not buy the security issue response. I mentioned this issue in another thread. (http://osticket.com/forums/showthread.php?t=2464(http://osticket.com/forums/showthread.php?t=2464)) The biggest reason I says this is that osTicket does not treat the ticket ID as a password and use asterisks (*****). So the same people who could possibly view the ID in the Thank You could view it when the user logs in to check a status. While not a security idea, when the user creates a new ticket, there is no confirmation email sent that requires the user to validate their email address.

There is, indeed, a need. No one is saying you have to use it if you are concerned, but it should be an option.

Right now there is no way to retrieve a ticket ID, and I do not feel email is reliable any more. So, users should be either given a password to view support requests or the option to display ticket ID in a Thank you screen or have a way to retrieve ticket ID.

Just asking the user to logon and create a new ticket can irritate users and they still may not get the email. It may prevents users from creating a ticket because it seems to imply that they need to put in all the information again. It also creates unneeded new tickets.

Regards,

Ellen Chen

Ellen,

I already responded to your other thread http://osticket.com/forums/showthread.php?t=2464(http://osticket.com/forums/showthread.php?t=2464)

Of course no one will force you to buy the reasons but at least you should read both threads.

a month later

Need One Special Forum to Explain Some Important Issues

Yes, I get a lot of "Well how was I supposed to know that?" protests, even over issues that should be common sense if there really were such a thing

If the Important information were more visible anything short of LOOK HERE, STUPID Im sure we could avoid a lot of misunderstandings from the outset.

@[deleted] - Part of the issue is the assumption that "everyone" gets it on my part! What is obvious to some of us might not be to others. ;)

We will be adding a FAQ page soon. Did you know the wiki is open to forum members?

Write a Reply...