[rt-users] GPG related question about RT data in the database

Joop jvdwege at xs4all.nl
Tue Jun 17 16:00:06 EDT 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
On 17-6-2014 20:55, Kevin Falcone wrote:
> On Sat, Jun 14, 2014 at 05:59:44PM +0200, Joop wrote:
>> AllowEncryptDataInDB: allows encrypted data in the database.
>>
>> While having this set or unset I don't see any difference in the
>> contents of the attachments table contents.
>
> It shows an Encrypt/Decrypt link on Transactions in a ticket history.
> You can then choose to encrypt/decrypt a given transaction so it's
> encrypted in the DB.
Thanks Kevin for your answer. I didn't link this pref with the
Decrypt/Encrypt links in the transactions.

Follow up question on this is: It is the admins responsibility to use
the correct RT permissions to make sure not everyone can see the content
of all tickets.
My first and colleagues too reaction was that if someone doesn't have a
pgp key that they shouldn't be able to see the ticket but that is not
true. Ticket content is visible because the queue private key is
available isn't it?

So correct workflow would be: Create Queue_with_sensitive_data, setup
pgp on it, create group and assign RT privs to it, put the correct
people in the group.

Joop

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
 
iQEcBAEBAgAGBQJToJ5GAAoJEMzCRpXkwiioGmQIAIUkv33xCXVO9l3lPMS5JEf1
Ua0n9D1NOwhZ9Z18DiMflK9Z+SUnO5oJuJbfTxYF5KnPX7RtsMNoDJxWjM8NobR6
0hLu+C3BE6hhDw5NQSXC6U67Tzb0a5kvUCmNFkbi6Jiu8kKamyPmHNmaL1X3v0Hl
7M95lINeJ29orrZBmatEuRLw54xDG35ae6oj6Ghcgob5wa/auIpGWGUVFdoL+zLu
SWwA+QhVAon/EZ550kiMSjvqMdtUU/dUEG8K9GlEW726n6pHVzDqGOTn6t1ea89f
P60QDwN6gRZd1OqKi5rE3Wcfo8g6LwFsX3dfmpEstx5eE4c9GfkZnE+OmzSoHio=
=uMO7
-----END PGP SIGNATURE-----




More information about the rt-users mailing list