Uploaded image for project: 'Confluence Cloud'
  1. Confluence Cloud
  2. CONFCLOUD-51854

Weird and potentially insecure attachment deletion

XMLWordPrintable

    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

      NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion.

      When an attachment is deleted it still appears in searches and can be accessed.  This is a potential security issue if a user accidentally uploads privileged information and needs to clear it.

      Removing old page versions does not fix this problem.

      Purging the attachment from the space's trash does remove it from searches.  After this action, an old link to the attachment produces a strange "dead end" page with a blank attachment overlay and no exit or home link. PageDisplayedFromDeletedAttachmentLink .png 

      I would expect that when a user deletes an attachment it becomes invisible.  The action to should not require a space admin.

      The page produced from an old link to a removed attachment could also be improved with a message and escape option.

        

              Unassigned Unassigned
              02128eaf8ea1 Jim Birch
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: