File name for attachments

#1

I see Infinity with a lot of potentials and with just a few little things updated it could be used to resolve many important jobs in my larger team.

One of the little things is the displayed filename in various views (Table, Columns etc).

From the screenshot of a Table view below, you see there are multiple files attached to an item.

  1. How does an user determine which icon reflects which specific file?
  2. With mouse over, the browser shows the direct URL (on AWS) to the file with a random filename. With the randomized filenames, the user still cannot determine which specific file it is.
  3. In the item’s detailed view, only the first 10 characters or so of the file name are displayed.
  4. In the Columns view, the filename is simply missing, even when the atttribute is enabled.

Suggestion: Display the filenames with mouse over or replace the icons with the file names.

Also an extended question to (2) but not related to the filename display, is anyone with the link could open the file without having access to Infinity. So the files are not access controlled. That’s a huge security concern in a multi-team or multi-company collaboration environment. Until integrations to the various cloud drives are done, It probably should at least be masked and redirected only through Infinity.

But what are those files? How does an user tell which file to use?

image

0 Likes

#2
  1. In table view I can see the full name when I hover over the icon and wait for 2-3 seconds. So part of your suggestion is already implemented :wink: Though it doesn´t work in the item-detailed-view. I agree that should be more consistent. I would also suggest that the filename is shown quicker, so if you need to check out 5 pdfs you don´t have to spend 10-15 seconds on it. For images it´s easy to see, because you have the thumbnails.
    I disagree with you on replacing the icons with the file names, because this would need too much space to display. It might be a good idea for the detailed for pdfs and other text documents to use a list of attachments. But it´s not a good idea for pictures.

  2. As far as I can see, the files are not access controlled. I can open my files using the aws-link whether I´m logged in or not. And also they are not deleted on aws when I delete them on infinity, which is probably due to backup/restore reasons. But the access for everyone that knows the link has to be changed especially in regards to GDPR.

1 Like

#3

I just did some testing and found that hover does work under Firefox but not for Safari (macOS).

0 Likes

#4

Hey guys! @j11, @micck!

I’ll make sure to forward this issue to the team and see what we can do about this. :slight_smile:

I’m especially concerned about the security stuff (accessing the file/AWS).

Thank you very much, details like these are really helpful!

0 Likes

#5

Regarding the security issue: While I cannot easily retrieve the AWS link through infinity as easy as before, I still can access any attachment without login on to AWS as long as I know the link structure: https://###########.amazonaws.com/item-files/digit-code/letter-code.file-ending So still anyone with the link can access my data. I´m not sure whether that means that any robot scanning your AWS address will also be able to access, but I assume that it´s possible, because it´s not password protected. So that´s probably still a no go for confident business data, not to speak of personal data especially payment information in regards to GDPR.

2 Likes

#6

This has been put into “Urgent” column, guys. Thanks for all the effort.

We’re definitely fixing this in the upcoming days.

2 Likes

#7

Great pickup! Glad this is getting sorted!

1 Like