INSIGHTS- Security Issue with shareable dashboard?
I have recently been advised by our IT team to delete my insights dashboard due to the fact that it is publicly accessible since sharing the link. I now have to delete my current dashboard and rebuild a new one which I have been instructed not to share. The IT team advised that there is too much sensitive information that is potentially available to anyone outside the organisation without any means of password securing it.
Once you know the format of how the link is generated, you could force access to potentially a lot of sensitive information for all pipedrive customer data- much like zoom bombing.
What is the plan for insights in the future as I understand it will be replacing the dashboard function?
Rgds,
Paul
Answers
-
Hi @Paul McKenna ! Thank you for your feedback!
You don't have to re-build the whole dashboard. Simply delete the public link you have created. We tried to make the public link as safe as possible but I totally get your concern. We plan to add internal dashboard sharing for the Insights. Here is a temporary workaround you can use for sharing:- Open public dashboard
- Press cmd P
- Choose Save to PDF as an option
- Delete the public link
What comes to replacing the old dashboard, then yes, you are right, Insights will be replacing it. Right now we are adding all the missing pieces to Insights to be ready for the replacement.
0 -
Hello @Paul McKenna .
About the topic of guessable ID's you mentioned.
dashboards are using UUID4 for calculating the dashboard ID. UUID4 has 2^128 possible combinations which means you would need to generate trillions of id's per second for years in order to have a possible hit on the same ID.
In Pipedrive case, you would also need to match the company domain together with the dashboard ID.Lastly, brute forcing this combination is also protected by rate-limiter which allows to send limited amount of requests to pipedrive to verify if your generated link is actually working.
So in other terms this solution has been deemed to be random enough to protect the users for someone "guessing" the ID and actually get access to another user dashboard.
This wiki page explains a bit deeper about the math being used on how the ID's are generated: https://en.wikipedia.org/wiki/Universally_unique_identifier#Version_4_(random)
0 -
Seda said:
Hi @Paul McKenna ! Thank you for your feedback!
You don't have to re-build the whole dashboard. Simply delete the public link you have created. We tried to make the public link as safe as possible but I totally get your concern. We plan to add internal dashboard sharing for the Insights. Here is a temporary workaround you can use for sharing:- Open public dashboard
- Press cmd P
- Choose Save to PDF as an option
- Delete the public link
What comes to replacing the old dashboard, then yes, you are right, Insights will be replacing it. Right now we are adding all the missing pieces to Insights to be ready for the replacement.
A secondary issue is the ability for people to share the link to multiple parties.
0 -
Seda said:
Hi @Paul McKenna ! Thank you for your feedback!
You don't have to re-build the whole dashboard. Simply delete the public link you have created. We tried to make the public link as safe as possible but I totally get your concern. We plan to add internal dashboard sharing for the Insights. Here is a temporary workaround you can use for sharing:- Open public dashboard
- Press cmd P
- Choose Save to PDF as an option
- Delete the public link
What comes to replacing the old dashboard, then yes, you are right, Insights will be replacing it. Right now we are adding all the missing pieces to Insights to be ready for the replacement.
You can create multiple links for the same dashboard. Then you control access to your dashboard for each group separately. You can also rename each link to have an overview of who you shared the link with. See example below:
0 -
Seda said:
Hi @Paul McKenna ! Thank you for your feedback!
You don't have to re-build the whole dashboard. Simply delete the public link you have created. We tried to make the public link as safe as possible but I totally get your concern. We plan to add internal dashboard sharing for the Insights. Here is a temporary workaround you can use for sharing:- Open public dashboard
- Press cmd P
- Choose Save to PDF as an option
- Delete the public link
What comes to replacing the old dashboard, then yes, you are right, Insights will be replacing it. Right now we are adding all the missing pieces to Insights to be ready for the replacement.
Thank you Seda,
Very relieved that I did not have to delete the dashboard. I have shared our conversation with IT and unfortunately they have advised that the risk of people sharing remains. I can live with that for the moment, but nervous about the move from the dashboard to insights.
0 -
Seda said:
Hi @Paul McKenna ! Thank you for your feedback!
You don't have to re-build the whole dashboard. Simply delete the public link you have created. We tried to make the public link as safe as possible but I totally get your concern. We plan to add internal dashboard sharing for the Insights. Here is a temporary workaround you can use for sharing:- Open public dashboard
- Press cmd P
- Choose Save to PDF as an option
- Delete the public link
What comes to replacing the old dashboard, then yes, you are right, Insights will be replacing it. Right now we are adding all the missing pieces to Insights to be ready for the replacement.
What are the main things you are missing in Insights right now? I can share the next plans with you
We want to make sure that all the foremost things are available in Insights before deprecating the old dashboard. 0 -
Seda said:
Hi @Paul McKenna ! Thank you for your feedback!
You don't have to re-build the whole dashboard. Simply delete the public link you have created. We tried to make the public link as safe as possible but I totally get your concern. We plan to add internal dashboard sharing for the Insights. Here is a temporary workaround you can use for sharing:- Open public dashboard
- Press cmd P
- Choose Save to PDF as an option
- Delete the public link
What comes to replacing the old dashboard, then yes, you are right, Insights will be replacing it. Right now we are adding all the missing pieces to Insights to be ready for the replacement.
Goals v Cumulative Revenue forecast.
0 -
Seda said:
Hi @Paul McKenna ! Thank you for your feedback!
You don't have to re-build the whole dashboard. Simply delete the public link you have created. We tried to make the public link as safe as possible but I totally get your concern. We plan to add internal dashboard sharing for the Insights. Here is a temporary workaround you can use for sharing:- Open public dashboard
- Press cmd P
- Choose Save to PDF as an option
- Delete the public link
What comes to replacing the old dashboard, then yes, you are right, Insights will be replacing it. Right now we are adding all the missing pieces to Insights to be ready for the replacement.
Oh that is definitely coming before we deprecate old statistics. Btw would you be interested to participate in usability testing for that?
0 -
Seda said:
Hi @Paul McKenna ! Thank you for your feedback!
You don't have to re-build the whole dashboard. Simply delete the public link you have created. We tried to make the public link as safe as possible but I totally get your concern. We plan to add internal dashboard sharing for the Insights. Here is a temporary workaround you can use for sharing:- Open public dashboard
- Press cmd P
- Choose Save to PDF as an option
- Delete the public link
What comes to replacing the old dashboard, then yes, you are right, Insights will be replacing it. Right now we are adding all the missing pieces to Insights to be ready for the replacement.
Very, thank you.
0 -
Seda said:
Hi @Paul McKenna ! Thank you for your feedback!
You don't have to re-build the whole dashboard. Simply delete the public link you have created. We tried to make the public link as safe as possible but I totally get your concern. We plan to add internal dashboard sharing for the Insights. Here is a temporary workaround you can use for sharing:- Open public dashboard
- Press cmd P
- Choose Save to PDF as an option
- Delete the public link
What comes to replacing the old dashboard, then yes, you are right, Insights will be replacing it. Right now we are adding all the missing pieces to Insights to be ready for the replacement.
Do let me know when/how to access. Thanks.
0 -
Seda said:
Hi @Paul McKenna ! Thank you for your feedback!
You don't have to re-build the whole dashboard. Simply delete the public link you have created. We tried to make the public link as safe as possible but I totally get your concern. We plan to add internal dashboard sharing for the Insights. Here is a temporary workaround you can use for sharing:- Open public dashboard
- Press cmd P
- Choose Save to PDF as an option
- Delete the public link
What comes to replacing the old dashboard, then yes, you are right, Insights will be replacing it. Right now we are adding all the missing pieces to Insights to be ready for the replacement.
WIll surely contact you once we have the first prototype
Thank you for your cooperation! 0
