site security

nobin

So I installed osTicket and found out there is no security on the user part. they just start submitting a ticket by putting their details everytime. I see two issues, users may mistype their details if we don't make them login. and the site can be abused if left open like this.

what kind of authentication can be implemented on the site? if I can have some sorta ldap or any kind of authentication, that'll be great.

Thanks for your input.

ntozier

OST allows you to configure it how you like it as far as how many issues someone has open. To update a ticket, or view the status of a ticket the client would have to use a valid email address and ticket number. That is essentially the extent of the auth system for clients.

If you wanted more layers of authentication/security for clients you could utilize several different things but this is the realm of webserver site configuration, not OST.

For example, Apache admins could setup a .htaccess/.htpasswd or IIS admins could setup Windows Authentication

Yes they can always typo their own names/email addresses. There is autocomplete to minimize this.