ForumsQuestionsSharing exposes info it shouldnt


Sharing exposes info it shouldnt
Author Message
ProBC

Posted: Oct 16, 2013
Score: 0 Reference
I am trying to make use of the Collaboration and Sharing features in toodledo with a co-worker and stumbled upon a situation that i deem as critical.

After setting up the coworker with access to view/edit my workspace, we then used his account to test and after logging in we switched to my workspace with the dropdown option in the upper left. Everything appears fine so far, but when I clicked on the 'View By - Sharing' option from the menu, it displayed a list of all of my other collaborators that have nothing to do with the current account we are logged in under.

My concern here is if I collaborate with someone, they should not be seeing any data or references to any other person within my account at all. This becomes a security/liability problem in my point of view by exposing data that should not be seen.

The 'View By - Sharing' menu option should only list 'From Anyone, From Myself, and anyone else that is actually assigned properly in the collaborators settings'.

Can this bug be addressed very soon?
Jake

Toodledo Founder
Posted: Oct 16, 2013
Score: 0 Reference
This is currently how it is designed to work. If you collaborate with someone using the "workspace sharing" feature, they are essentially you and can see everything that you can see. Collaborators with permission to view your workspace will be able to see all your locations, tags and other collaborator's names. The only exception is private folders, contexts and goals which will always be hidden from collaborators.

Besides collaborator names, what other information do you think is important to hide from collaborators?

If you do not want to share all this information, then my suggestion is to use the "joint task sharing" option instead of the "workspace sharing" option. With the joint task sharing option you can control exactly what information your collaborators see.
ProBC

Posted: Oct 27, 2013
Score: 0 Reference
The joint tasks feature is fine for its purpose, but I feel that if the Workspace features are enable and an allowed collaborator switches into My Workspace, he should only see stuff explicitly allowed to him. From my standpoint as a project manager, I have a number of sub-contractors that i am trying to get using your product to help us manage our tasks, but if they have the ability to see information unrelated to them (including the names of other sub-contractors of mine) then I simply can not endorse toodledo as a solution to them.

There should either be a setting to allow everyone to see everything (including other collaborators names), and the ability to prevent this from occuring so that collaborators are kept in isolation and only see what they are supposed to.

BTW: I just paid the upgrade for my own account into the Gold subscription. I'm really hoping to try and make the system do more for me.
Jake

Toodledo Founder
Posted: Oct 28, 2013
Score: 0 Reference
What we will do is make a checkbox in the sharing setup page called "Allow collaborators to see names of other collaborators" and it will be a global setting. I have put this on my to-do list, but I have no ETA for you at this time.
ProBC

Posted: Oct 29, 2013
Score: 0 Reference
Excellent. This should help enhance the overall security/privacy when dealing with my sub-contractors.
You cannot reply yet

U Back to topic home

R Post a reply

To participate in these forums, you must be signed in.