Uploaded image for project: 'Confluence Data Center'
  1. Confluence Data Center
  2. CONFSERVER-51854

Weird and potentially insecure attachment deletion

XMLWordPrintable

    • Icon: Suggestion Suggestion
    • Resolution: Unresolved
    • None
    • None
    • None
    • 0
    • 1
    • We collect Confluence feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

      NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion.

      When an attachment is deleted it still appears in searches and can be accessed.  This is a potential security issue if a user accidentally uploads privileged information and needs to clear it.

      Removing old page versions does not fix this problem.

      Purging the attachment from the space's trash does remove it from searches.  After this action, an old link to the attachment produces a strange "dead end" page with a blank attachment overlay and no exit or home link. PageDisplayedFromDeletedAttachmentLink .png 

      I would expect that when a user deletes an attachment it becomes invisible.  The action to should not require a space admin.

      The page produced from an old link to a removed attachment could also be improved with a message and escape option.

        

              Unassigned Unassigned
              02128eaf8ea1 Jim Birch
              Votes:
              5 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated: