About E-mail Listener Security
Security concerns must be addressed because the task e-mail listener effectively provides access to the Task Engine through an e-mail gateway: anyone who can deliver mail to the monitored account can submit a reply body for processing.
In the case of task notifications, the key security considerations concern the following scenarios:
*A subscribed user uses the e-mail notification to perform an action on a task that they do not have permission to work with.
*A subscribed user uses the e-mail notification to perform an action on a different task from the one that sent the notification e-mail.
*A malicious user attempts to spoof a reply e-mail and execute an action on an arbitrary task.
The request body created by the Task Action Link is sent to the specified e-mail account monitored by the Task Engine and encodes the following data:
*TaskID—identifier of the task.
*GUID—a unique, one-time security ID assigned to this notification. The Task Engine accepts a GUID only once, which prevents a user from spoofing or replaying an e-mail and performing actions on arbitrary tasks.
*Action identifier—ID of the action to be performed on the given task when the e-mail is processed by the Task Engine. As noted, an action is configured as a binding expression when the Task Action Link is defined, but the e-mail body does not contain the binding expression itself; it contains only an identifier of the action, and the binding expression is stored on the server. This prevents a user from spoofing an e-mail body and executing an arbitrary action on the task.
The reply body contains no sensitive information, and knowing its contents does not by itself give a user access to the system, so it is Base64-encoded rather than encrypted. Base64 is an encoding, not a protection: anyone can decode and modify the body, so the security of the mechanism rests on the one-time GUID and on the server-side resolution of the action identifier, not on the encoding.
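The three scenarios and the encoded reply body described above, as an added example that is not Software AG's code: a Python sketch of a hypothetical reply body (a JSON object with the three fields, Base64-encoded) and the server-side checks that defeat each scenario. The field names, the JSON layout, the binding expression syntax and the in-memory stores are assumptions made for the example; the product's real wire format is not shown on this page.

```python
import base64
import json
import secrets

# Constructed sample data (not from the product): tasks and who may act on them.
TASKS = {
    "task-1001": {"assignees": {"alice"}},
    "task-1002": {"assignees": {"bob"}},
}

# Action binding expressions live only on the server; the e-mail carries the key.
# The expression syntax here is illustrative, not the product's.
ACTION_BINDINGS = {
    "approve": "#{TaskData.status = 'approved'}",
    "reject": "#{TaskData.status = 'rejected'}",
}

# One-time security IDs issued with each notification: guid -> task_id
ISSUED_GUIDS = {}


def encode_body(payload):
    """Base64-encode the JSON payload. This is encoding, not protection."""
    return base64.b64encode(json.dumps(payload).encode("utf-8")).decode("ascii")


def issue_notification(task_id, action_id):
    """Server side: build the reply body embedded in one notification e-mail."""
    if task_id not in TASKS or action_id not in ACTION_BINDINGS:
        raise ValueError("unknown task or action")
    guid = secrets.token_hex(16)      # 128 random bits: not guessable
    ISSUED_GUIDS[guid] = task_id      # remember which task it was issued for
    return encode_body({"taskId": task_id, "guid": guid, "actionId": action_id})


def rewrite_body(body, **changes):
    """Attacker helper: decode a captured body, alter fields, re-encode.
    Demonstrates that Base64 by itself stops nothing."""
    payload = json.loads(base64.b64decode(body))
    payload.update(changes)
    return encode_body(payload)


def process_reply(sender, body):
    """Server side: validate an incoming reply. Returns (accepted, detail)."""
    try:
        payload = json.loads(base64.b64decode(body))
    except ValueError:            # bad Base64 or bad JSON
        return False, "malformed body"
    if not isinstance(payload, dict):
        return False, "malformed body"
    task_id = payload.get("taskId")
    guid = payload.get("guid")
    action_id = payload.get("actionId")
    if not all(isinstance(v, str) for v in (task_id, guid, action_id)):
        return False, "missing fields"

    # Scenario 3: the GUID must have been issued by us, and it is consumed on
    # first presentation, so a guessed or replayed body fails here.
    issued_task = ISSUED_GUIDS.pop(guid, None)
    if issued_task is None:
        return False, "unknown or already used GUID"

    # Scenario 2: the GUID is bound to the task it was issued for; editing the
    # TaskID in the decoded body does not move it to another task.
    if issued_task != task_id:
        return False, "GUID was not issued for this task"

    # Scenario 1: the sender still needs permission on the task. The From
    # address is spoofable, so this check complements the GUID, it does not
    # replace it.
    if sender not in TASKS[task_id]["assignees"]:
        return False, "sender may not act on this task"

    # The body only names an action; the binding expression is resolved on the
    # server, so an expression placed in the e-mail is never evaluated.
    binding = ACTION_BINDINGS.get(action_id)
    if binding is None:
        return False, "unknown action"
    return True, binding
```

The GUID is consumed as soon as it is presented, before the other checks run, so a tampered reply burns the notification rather than leaving it available for a second attempt; the legitimate user then needs a fresh notification, which is the intended one-time behaviour.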
Copyright © 2017 Software AG, Darmstadt, Germany.
