Our support hours are 24 hours a day Monday to Friday
  www.qorusdocs.com

Follow

Enhancements

Private Allocations Security Enhancement

Overview

When an allocation is created, the contributor will receive an email alert which contains a hyperlink to the Web Contribution Page. Because a user can only create an allocation for a valid Breeze user, in earlier versions of Breeze there was no additional authentication when the contributor opened the hyperlink from his/her email to the web contribution page.

The onus was on the Breeze users to ensure that the allocation alert emails are not distributed to non-Breeze users.

However in earlier versions of Breeze, if a non-Breeze user got hold of such an email, he/she would have been able to access the web contribution page and view and update data. The purpose of Breeze 2.4 Update 1 is to address this security flaw.

 

 Changes in the new release

After deployment of Breeze 2.4 Update 1 all users who attempt to access the Private Allocations Web Contribution page will be required to log in to Breeze first.

This means that if a non-Breeze users manage to get hold of the Allocation Alert Email, he/she will be required to log in first. If the user does not have a valid Breeze account, the log in attempt will fail and the user will not be able to access Breeze data.

 

 

Once a valid Breeze user has logged in to the Allocations Web Contribution page, standard session management rules will apply. This means that the user can log out and terminate the Breeze session from this page. It also means that if the user was already logged in to Breeze at the time of opening this page, he/she would not need to log in again.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments

Powered by Zendesk