
My organization currently sends out emails directing our customers to login and


Question

My organization currently sends out emails directing our customers to log in and view information on a customer portal site we have developed. The content of these emails is usually pretty generic since we prefer to send all confidential information to our customers through this secure website.

I have recently been asked if we should eliminate all URLs that link to our customer portal from the emails that we send out. The justification for this request is to deter attempts to hack our customer portal. Since this request came from executives and not security experts, I would like your opinions. Would this in any way decrease our chances of our customer portal being attacked?

One more piece of potentially useful information is that a link to this customer portal is published at the bottom of our public website.

Explanation / Answer

Unless you are sending specific strings in the URL to provide pass-throughs (where a user can click to log in without authenticating), there is no more danger with or without links. The reasoning for this is that someone can stumble onto your portal as it stands (provided it is on the public Internet, which it would have to be unless you established some form of SSLVPN/VPN connection to an intranet).

If your goal is to provide an exclusive connection point to a specific site intended ONLY for ONE specific client, you could create a firewall rule that explicitly allows connection from your client's netblock to that site. This ensures no one but the client from the location specified can connect.

Now you state: "a link to this customer portal is published at the bottom of our public website" so there is no more or less danger than sending it in an email. So if your goal is to minimize who can access this portal, it may be a better approach to determine where your client's connections are coming from, make a firewall rule to allow those, and deny everything else.
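The approach described in the answer (find where client connections come from, allow those, deny everything else) can be sketched as follows. This is an added example, not part of the original answer; the log format (Common Log Format), the /24 grouping, port 443, the table name `portal_filter` and the sample log lines are all assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample access-log lines (RFC 5737 documentation addresses).
SAMPLE_LOG = """\
198.51.100.14 - - [10/Mar/2024:09:01:12 +0000] "POST /portal/login HTTP/1.1" 200 512
198.51.100.77 - - [10/Mar/2024:09:03:40 +0000] "GET /portal/docs HTTP/1.1" 200 2048
203.0.113.5 - - [10/Mar/2024:09:05:02 +0000] "POST /portal/login HTTP/1.1" 200 512
203.0.113.5 - - [10/Mar/2024:09:06:19 +0000] "GET /portal/docs HTTP/1.1" 200 4096
192.0.2.200 - - [10/Mar/2024:09:07:55 +0000] "POST /portal/login HTTP/1.1" 401 128
not a log line
"""

# Common Log Format: source address first, status code after the quoted request.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[^"]*" (\d{3}) ')

def client_netblocks(log_text, prefix_len=24):
    """Count 2xx requests per IPv4 source netblock; skip anything unparseable."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or not m.group(2).startswith("2"):
            continue  # malformed line or failed request: not evidence of a client
        try:
            addr = ipaddress.IPv4Address(m.group(1))
        except ValueError:
            continue
        # Assumption: clients are grouped per /24; confirm real ranges with each client.
        counts[ipaddress.ip_network(f"{addr}/{prefix_len}", strict=False)] += 1
    return counts

def nft_ruleset(netblocks, port=443):
    """Render nftables rules: allow listed netblocks to the portal port, drop the rest."""
    allowed = ", ".join(str(n) for n in sorted(netblocks))
    rules = [f"    tcp dport {port} drop"]
    if netblocks:  # an empty set literal is invalid in nftables, so omit the rule
        rules.insert(0, f"    ip saddr {{ {allowed} }} tcp dport {port} accept")
    head = ["table inet portal_filter {", "  chain input {",
            "    type filter hook input priority 0; policy accept;"]
    return "\n".join(head + rules + ["  }", "}"])

if __name__ == "__main__":
    print(nft_ruleset(client_netblocks(SAMPLE_LOG)))
```

The generated ruleset only restricts the portal port, so other services on the host are unaffected; review the proposed netblocks with each client before loading it.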
