<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Tim,<br>
<br>
On 17/02/2012 18:15, Clements, Timothy wrote:
<blockquote
cite="mid:5BCBD99B0661CD459DDC5A620B4018570962602E@GRREXCHA.varnumlaw.com"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=ISO-8859-1">
<meta name="Generator" content="Microsoft Word 12 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri","sans-serif";
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif][if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal">Hi, Jules,<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">I'm really impressed with this product and
the ease of use. I do have one question, however, which may
be related to the level of security required.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">I have Captcha set up and I understand why
you would use it for someone outside the organization who
wants to initiate the sending of a file. However, when it is
a matter of someone within the organization initializing a
drop off or pick up, I would think the email with the coded
link would ensure against bot attacks, and it would not be
necessary to have someone complete the Captcha challenge in
those cases. Can you address that briefly, or alternatively,
would you consider making use of Captcha in those cases
optional?</p>
</div>
</blockquote>
In the "download" process, you can disable the captcha by setting<br>
'humanDownloads' => false,<br>
in preferences.php.<br>
<br>
The reason for it being there is that if the email containing the
link gets into the wild, anyone anywhere (and include malware robots
in there too!) can download the file as many times as they like. My
own ZendTo deployment here has already had at least 1 Distributed
Denial-of-Service (DDoS) attack that was done by exploiting this
loophole. Hence the "humanDownloads" setting to stop it. Feel free
to disable it, but don't complain if you get DDoS-ed! :-)<br>
<blockquote
cite="mid:5BCBD99B0661CD459DDC5A620B4018570962602E@GRREXCHA.varnumlaw.com"
type="cite">
<div class="WordSection1">
<p class="MsoNormal"><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Thanks again for a well-designed product.</p>
</div>
</blockquote>
I'm glad you like it. Sorry I have taken so long to respond to your
email, things have been very busy and tiring here and I haven't had
the time to quite keep up with all my email.<br>
<br>
Cheers,<br>
<pre class="moz-signature" cols="72">Jules
--
Julian Field MEng CITP CEng
<a class="moz-txt-link-abbreviated" href="http://www.Zend.To">www.Zend.To</a>
Follow me at twitter.com/JulesFM
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
'It's okay to live without all the answers' - Charlie Eppes, 2011
'All programs have a desire to be useful' - Tron, 1982
'That is the land of lost content,
I see it shining plain,
The happy highways where I went,
And cannot come again.' - A.E. Houseman
</pre>
</body>
</html>