Re: [dl-ticket-service] How best to resend ticket after initial creation
On Sat, Apr 02 2016, Mike Morris wrote: >> The password is hashed for both, so you can only check whether it >> matches against the user/ticket, but you cannot recover it. > > Ahhh, of course. So keeping a separate table of emails the ticket was > issued to, and their password, is definitely overkill. Adding tracking at least of the email address is something that I'd like to implement eventually. Knowing which email address has downloaded your ticket, besides being nice to know, allows to have finer-grained permissions of a ticket expiry (as in: do not expire until *all* addresses have downloaded at least once). > My "use case" is not about the large file capabilities, but more the > security. I'm sending confidential docs 1 at a time to an audience of 50 > people or so, who request them occasionally. Most of my tickets will > probably be permanent, and I will reissue them several times a month as > requests come in. Having a history of who I sent to would be an > interesting exercise for me to track, that's all. Some of them are docs > that don't change much over time, people just lose their copy, or get a > new PC or something and don't have it anymore. DL was always more aimed at ephemeral transfers. That is: the main goal is automatic cleanup. You might use that to your advantage in this case. Do you use linux and/or have some basic scripting knowledge? If yes, I would actually send individually-generated tickets (one per address) to each recipient, with a random password for each, ~30 days fixed expiry and 1 download limit. You have "dl-cli.py" to generate a ticket on the fly from the command line. This would have some advantages: - the password is not shared - the ticket becomes useless if not acted upon - you know which users downloaded the document (in this scenario, the automatic download notification might already be enough!). Which makes more sense if you want to encourage users to act on it. In this case the remainder is necessary to renew the credentials as well. If your aim is really to have a fixed document URL with a shared password, maybe an https DAV server would make more sense. You just upload the document and setup a password for it. Incidentally, there's also a thunderbird extension to use a WebDAV server for attachments, although I never used it personally. It might also fit the bill.
Re: [dl-ticket-service] How best to resend ticket after initial creation
On 04/01/2016 01:29 PM, Yuri D'Elia wrote: On Fri, Apr 01 2016, Mike Morris wrote: The "fanciest" option is really the Thunderbird extension: https://www.thregr.org/~wavexx/software/dl/thunderbird.html [just posting here in case you missed it] I rarely use the web interface myself. I haven't tried the Tbird extension yet; for some reason, while looking at DL-ticket originally, I had the foolish notion in my head that if I used the Tbird extension, the recipient needed it too, but of course that's nonsense! The password is hashed for both, so you can only check whether it matches against the user/ticket, but you cannot recover it. Ahhh, of course. So keeping a separate table of emails the ticket was issued to, and their password, is definitely overkill. * Resending essentially identical emails... (copy the URL definitely works; I can copy/paste the comments too... so this is just a "nice to have" now that I think about it) * Being able to get a list of addresses to which a ticket has been sent Just curious here: why do you need to resend? I understand if you missed one address, but from the above I feel there's something more going on. My "use case" is not about the large file capabilities, but more the security. I'm sending confidential docs 1 at a time to an audience of 50 people or so, who request them occasionally. Most of my tickets will probably be permanent, and I will reissue them several times a month as requests come in. Having a history of who I sent to would be an interesting exercise for me to track, that's all. Some of them are docs that don't change much over time, people just lose their copy, or get a new PC or something and don't have it anymore. Thanks again Yuri!
Re: [dl-ticket-service] How best to resend ticket after initial creation
On Fri, Apr 01 2016, Mike Morris wrote: >> There's no track of which e-mails a ticket as been sent to. When you put >> a list of addresses, DL just composes a list of emails and sends them in >> one go for you, nothing fancy. > > Actually, that's pretty fancy compared to what I was doing :-) The "fanciest" option is really the Thunderbird extension: https://www.thregr.org/~wavexx/software/dl/thunderbird.html [just posting here in case you missed it] I rarely use the web interface myself. >> But there's one catch. When creating the ticket, the password is known >> and is generally included in the email. >> >> When editing a ticket, the password is no longer known to DL. > That's a big problem... security vs convenience, again!!! > > How much trouble would it be to store the ticket password encrypted with > same algo as user passwords? The password is hashed for both, so you can only check whether it matches against the user/ticket, but you cannot recover it. > * Resending essentially identical emails... (copy the URL definitely > works; I can copy/paste the comments too... so this is just a "nice > to have" now that I think about it) > * Being able to get a list of addresses to which a ticket has been sent Just curious here: why do you need to resend? I understand if you missed one address, but from the above I feel there's something more going on.
Re: [dl-ticket-service] How best to resend ticket after initial creation
On 04/01/2016 04:12 AM, Yuri D'Elia wrote: There's no track of which e-mails a ticket as been sent to. When you put a list of addresses, DL just composes a list of emails and sends them in one go for you, nothing fancy. Actually, that's pretty fancy compared to what I was doing :-) The easiest option would be to send the link yourself (copy the download link and you're set). Yes; definitely what I'll do for now, at least. What we could add is another field "Resend e-mail to", which makes it clear that you're sending a *new* email to the requested addresses. Yeah, that's what I was envisioning; would be great... but But there's one catch. When creating the ticket, the password is known and is generally included in the email. When editing a ticket, the password is no longer known to DL. That's a big problem... security vs convenience, again!!! How much trouble would it be to store the ticket password encrypted with same algo as user passwords? The main things I'd love to see are: * Resending essentially identical emails... (copy the URL definitely works; I can copy/paste the comments too... so this is just a "nice to have" now that I think about it) * Being able to get a list of addresses to which a ticket has been sent Like I said, DL-Ticket is already a huge timesavor (pun intended) over what I was doing, so I know I'm pushing my luck - just thought I'd ask :-) Thanks for the prompt reply Yuri!!!
Re: [dl-ticket-service] How best to resend ticket after initial creation
On Fri, Apr 01 2016, Mike Morris wrote: > Hi, > > Thanks to the authors for this handy tool! > > Most of the GUi is pretty self-explanatory, but perhaps I've missed this: > > * Is there currently a way to enter a new email address to send a 2nd > copy of the ticket to, after the initial send? I expected to see an > email address field on the Edit Ticket screen, but it's not there. There's no track of which e-mails a ticket as been sent to. When you put a list of addresses, DL just composes a list of emails and sends them in one go for you, nothing fancy. The easiest option would be to send the link yourself (copy the download link and you're set). > Or is there a formal Enhancement Request process I could follow? What we could add is another field "Resend e-mail to", which makes it clear that you're sending a *new* email to the requested addresses. But there's one catch. When creating the ticket, the password is known and is generally included in the email. When editing a ticket, the password is no longer known to DL.
[dl-ticket-service] How best to resend ticket after initial creation
Hi, Thanks to the authors for this handy tool! Most of the GUi is pretty self-explanatory, but perhaps I've missed this: * Is there currently a way to enter a new email address to send a 2nd copy of the ticket to, after the initial send? I expected to see an email address field on the Edit Ticket screen, but it's not there. Or is there a formal Enhancement Request process I could follow? Thanks again!
