Removing content from client messages

Hello,

We are testing RT for our support system. Sometimes users include
sensitive information in their email that we must remove for security
reasons. The web interface does not support editing users email. Is
there any way we can do this?

TIA,

Anne
Anne Wilson UCAR Unidata Program
anne@unidata.ucar.edu P.O. Box 3000
Boulder, CO 80307
Unidata WWW server http://my.unidata.ucar.edu/

RT doesn’t support changing history. Here are two ways
that this might be done:

  1. Direct manipulation of the database.

  2. Permanently delete the ticket with Ruslan’s RTx::Shredder.

It would be nice if RTx::Shredder could delete a transaction. Then
again, maybe it can; I never looked.

-ToddOn Tue, Dec 14, 2004 at 02:49:48PM -0700, Anne Wilson wrote:

Hello,

We are testing RT for our support system. Sometimes users include
sensitive information in their email that we must remove for security
reasons. The web interface does not support editing users email. Is
there any way we can do this?

TIA,

Anne


Anne Wilson UCAR Unidata Program
anne@unidata.ucar.edu P.O. Box 3000
Boulder, CO 80307

Unidata WWW server http://my.unidata.ucar.edu/



http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

Be sure to check out the RT wiki at http://wiki.bestpractical.com

Thanks Todd,

Yes, looks like it’ll have to be through accessing the db directly. We
don’t want to delete messages entirely because we want the history.

As I mentioned to Jason D., I think we’d have to write a tool that takes
as input the string we want to sanitize. The tricky part would be
remembering to do that at the right time. Would that be a function we
could call from a scrip? Or, would we have to get deeper into the code
to call such a function at the “right time” from RT?

Anne

Todd Chapman wrote:

RT doesn’t support changing history. Here are two ways
that this might be done:

  1. Direct manipulation of the database.

  2. Permanently delete the ticket with Ruslan’s RTx::Shredder.

It would be nice if RTx::Shredder could delete a transaction. Then
again, maybe it can; I never looked.

-Todd

Hello,

We are testing RT for our support system. Sometimes users include
sensitive information in their email that we must remove for security
reasons. The web interface does not support editing users email. Is
there any way we can do this?

TIA,

Anne


Anne Wilson UCAR Unidata Program
anne@unidata.ucar.edu P.O. Box 3000
Boulder, CO 80307

Unidata WWW server http://my.unidata.ucar.edu/



http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

Be sure to check out the RT wiki at http://wiki.bestpractical.com

Anne Wilson UCAR Unidata Program
anne@unidata.ucar.edu P.O. Box 3000
Boulder, CO 80307
Unidata WWW server http://my.unidata.ucar.edu/

Yeah, we can’t do it before the ticket receiver sees it because that
person needs the info for support purposes and also to identify any
sensitive strings.

I guess what would be ideal would be if, once someone owns a ticket,
after any further email from that client RT would somehow query the user
to invoke the “sanitize” function. (This is assuming no one would send
us sensitive info in an initial contact.) So, after each subsequent
exchange with a client RT would ask “Sanitize?” and if the user said yes
it would query for a string and sanitize it in the db.
Any idea how hard would it be to add such a hook to RT? (assuming we
write the actual sanitizing code).

Anne

Rick Rezinas wrote:

you can probably in the mailgate script, unless you want the sensitive
information visible to the person who receives the ticket initially but
do not want it stored in the database, in which case you’ll need to
delve deeper.

Thanks Todd,

Yes, looks like it’ll have to be through accessing the db directly. We
don’t want to delete messages entirely because we want the history.

As I mentioned to Jason D., I think we’d have to write a tool that takes
as input the string we want to sanitize. The tricky part would be
remembering to do that at the right time. Would that be a function we
could call from a scrip? Or, would we have to get deeper into the code
to call such a function at the “right time” from RT?

Anne

Anne Wilson UCAR Unidata Program
anne@unidata.ucar.edu P.O. Box 3000
Boulder, CO 80307
Unidata WWW server http://my.unidata.ucar.edu/

We would like to be able to clean up what is in a ticket too. I understand
that allowing someone to pull up a section of the comments would probably be
technically difficult and would raise security questions. It would also
make the RT ‘master’ copy different than what has been transmitted through
email. You could mitigate some of those issues by keeping versions of each
comment section and restricting who has the ability to invoke an ‘edit’.From: Anne Wilson [mailto:anne@unidata.ucar.edu]
Sent: Tuesday, December 14, 2004 7:46 PM
To: Rick Rezinas
Cc: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] Removing content from client messages

Yeah, we can’t do it before the ticket receiver sees it because that
person needs the info for support purposes and also to identify any
sensitive strings.

I guess what would be ideal would be if, once someone owns a ticket,
after any further email from that client RT would somehow query the user
to invoke the “sanitize” function. (This is assuming no one would send
us sensitive info in an initial contact.) So, after each subsequent
exchange with a client RT would ask “Sanitize?” and if the user said yes
it would query for a string and sanitize it in the db.
Any idea how hard would it be to add such a hook to RT? (assuming we
write the actual sanitizing code).

Anne

Rick Rezinas wrote:

you can probably in the mailgate script, unless you want the sensitive
information visible to the person who receives the ticket initially but
do not want it stored in the database, in which case you’ll need to
delve deeper.

Thanks Todd,

Yes, looks like it’ll have to be through accessing the db directly. We
don’t want to delete messages entirely because we want the history.

As I mentioned to Jason D., I think we’d have to write a tool that takes
as input the string we want to sanitize. The tricky part would be
remembering to do that at the right time. Would that be a function we
could call from a scrip? Or, would we have to get deeper into the code
to call such a function at the “right time” from RT?

Anne

Anne Wilson UCAR Unidata Program
anne@unidata.ucar.edu P.O. Box 3000
Boulder, CO 80307
Unidata WWW server http://my.unidata.ucar.edu/

http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

Be sure to check out the RT wiki at http://wiki.bestpractical.com

------------ PGI Internet E-mail Confidentiality ------------ Please note:
This message may contain information which is privileged and confidential.
If you are not the intended recipient, you are hereby notified that any
dissemination, distribution or copying of this communication is strictly
prohibited. If you believe you have received this message in error, please
forward to Postmaster@pginw.com.

------------ Confidencialidad de Correo Electronico de PGI ------------
Nota: Este mensaje puede contener informacion privilegiada y confidencial.
Si usted no es el destinatario, esta notificado que cualquier diseminacion,
distribucion o copia de esta comunicacion esta estrictamente prohibida. Si
usted cree que ha recibido este mensaje por error, por favor reenvielo a
Postmaster@pginw.com. (Informacion intencionalmente sin acentos)

We would like to be able to clean up what is in a ticket too. I
understand that allowing someone to pull up a section of the comments
would probably be technically difficult and would raise security
questions. It would also make the RT ‘master’ copy different than
what has been

I could use it for those times when our ever-so-smart customers email
us large attachments for no reason. I’d like to purge the attachment
frp, the DB after extracting it, but leave a record that it was once
there.

Just a wish-list item that I’m throwing out there…