Explore the community Forums Lectora Lectora Questions & Answers ReviewLink and Security Concerns

Viewing 5 posts - 1 through 5 (of 5 total)
  • Author
    Posts
  • #282869 Score: 0
    Profile photo of Ben Lucero
    Ben Lucero
    Member
    beginner
    intermediate
    profile
    picture perfect
    wise owl
    @blucero

    Hi All,

    We’ve been using ReviewLink since it came out and use it extensively with our customers and really like the way it works. Those of you who use RL know that new users receive an email message indicating their new ReviewLink status and are prompted to change their randomly assigned password. When this is completed, an email message is sent to the user with their login and password in the same message. One of our IT security employees saw this and made us aware of the company security policy violation. One of the concerns is employees are using their internal network passwords as their ReviewLink password. Additionally, the email is sent in a non-secure format. So as of three weeks ago, we are not allowed to use ReviewLink at all. Aargh! Trivantis has been notified and understands the concern. There is no indication that a solution is coming anytime soon. Anybody have the same problem and if so, do you have a workaround?

    We’ve already thought of informing our employees to use another password, but this isn’t enough to satisfy our IT department. Thanks for your thoughts!

    #286243 Score: 0
    Profile photo of rwalters
    rwalters
    Member
    contributor
    beginner
    intermediate
    advanced
    curious george
    wise owl
    7 pts
    @rwalters

    This is a huge security flaw. So far my workaround has been to warn people not to use a password they use for other websites as it sends the password unencrypted in an email. This has received some complaints but so far we have still been able to use it.

    #286242 Score: 0
    Profile photo of MShawn63
    MShawn63
    Member
    @MShawn63

    That is something I had not thought of and we use ReviewLink frequently with all of our internal customers. I’m going to have to now go ask the question of our IT group about it. Thank you for making us aware of this.

    #286244 Score: 0
    Profile photo of Renee Hansen
    Renee Hansen
    Member
    @grhnasen95

    I love ReviewLink but am working with a new client that has security concerns about putting our courses on the cloud.so now I need to provide information that it is secure. Well I am already concerned because this topic above is still an issue where the username and password are both sent in an email… Did anyone else do research for their company and found that it is secure?.. or is not secure enough for them to use? I did find out that ReviewLInk is hosted in Amazon’s cloud but need to put some documentation together for the client to make a decision. Any information would be helpful.. Thanks

    #324339 Score: 0
    Profile photo of Karen Jensen
    Karen Jensen
    Member
    beginner
    intermediate
    curious george
    wise owl
    friend finder
    contributor
    3 pts
    @Karen Jensen

    This is on the Trivantis site frequently asked questions. I have never had an issue with RL:

     

    <span class=”fl-accordion-button-label”>Is ReviewLink secure?</span> <i class=”fl-accordion-button-icon fa fa-minus”></i>
    <div class=”fl-accordion-content”>

    All content published to ReviewLink and data transmitted between Reviewers and Publishers is private, secure, and password protected. ReviewLink is hosted on a secure server using a multi-tenant architecture, and all pieces of content are individually firewalled. For data integrity security, all data is stored in a SQL database that is accessible only from the ReviewLink application server. The files are never stored directly to a disk file that is accessible externally. All data is transmitted and received between Lectora and ReviewLink using 128-bit AES encryption. All content and comments are password protected such that it cannot be accessed without being logged into the system.

    </div>

Viewing 5 posts - 1 through 5 (of 5 total)

You must be logged in to reply to this topic.