Ohhhh yeah, we didn't allow any public users to actually interact with their submissions. They were all handled individually by real people in the various affected groups who would either respond directly back to them via email or call, snail mail or otherwise handle it directly. I'm glad I never got any of those darn SQL injection vectors - would've had to bring out the heavy duty bug spray I think. ROFLOL
On Fri, Sep 18, 2015 at 9:45 AM, Jason Miller <jason.mil...@gmail.com> wrote: > ** > You beat me to it Tim! As much as I hate email integrations (well ok, > they have a place but I don't like as the first option) we used this method > when there was a need for patients to report issues with our patient > portal. It is quick to setup and you do not need to expose any of your > Remedy infrastructure to the world. Of course that was only for submitting. > Viewing and updating requests would take a little more work/integration. > > One tip... We did have an instance where thousands (if not 10's of > thousands) of incidents were created when somebody found a SQL injection > vector in the patient portal. Spending a few extra development cycles to > put a check/throttle on the Remedy side might pay off if you go this route. > > Jason > > On Fri, Sep 18, 2015 at 9:00 AM, Timothy Powell < > timothy.pow...@pbs-consulting.com> wrote: > >> ** >> >> Expanding on what Candace said, you can also have a hybrid solution >> that’s easy on the user and more secure for you. >> >> Your external web site could have all the fields you need to create the >> ticket and be user friendly. Then when the users “submits” the request on >> the external web site, the data posts to an email instead of a database. >> The post to email can be formatted as you want it to be and then sent to >> the remedy system. Then since you defined the formatting, parsing it on the >> email engine side should be easy. >> >> >> >> HTH, >> >> Tim >> >> >> >> *From:* Action Request System discussion list(ARSList) [mailto: >> arslist@ARSLIST.ORG] *On Behalf Of *Candace DeCou >> *Sent:* Friday, September 18, 2015 11:41 AM >> *To:* arslist@ARSLIST.ORG >> *Subject:* Re: Making remedy available to general public >> >> >> >> ** >> >> Isabel - another possibility I have seen used at a previous employer is >> to set up some sort of email address (on or more) that can be used by >> external people outside of the system. When emails are sent to that >> address from your 'public' requester's, it can hit the system and get put >> through some filters to send it to the correct support queue or group. >> This worked very well for us with a number of different external emails >> that we needed to be able to manage inside a restricted ARS environment. >> The only requirement here is that the incoming email address must route to >> the Remedy Email Engine and not get filtered out by some other >> environmental constraints. Once it hits, set up filters looking for >> specified strings to tell it what to do from there. >> >> Hope this helps as a possible solution. >> >> Candace >> >> >> >> On Fri, Sep 18, 2015 at 7:47 AM, Isabel Irving < >> isabel.irv...@access.uk.com> wrote: >> >> Hello! >> >> We have a Remedy system which is used internally by a call centre to log >> calls on behalf of the general public. >> >> We are now thinking about whether it would be possible to allow the >> general public to log their own requests. >> >> What would you recommend in terms of authentication and security? Would >> this need a 3rd party app on the front end? >> >> We would want to make it easy for the general public to submit a >> request(and maybe to see updates or cancel a request they have raised) but >> we would also want to be sure we are not inviting hackers. >> >> I've had a search around BMC and the ARS List and haven't found any >> obvious answers - I guess there are a lot of different options out there. >> We'd be looking for something that is easily set up and that would mean we >> can add categories, business rules etc to Remedy without having to also >> update the rules and categories in a 3rd party app. >> >> Any tips? >> Thanks! >> Isabel >> >> >> _______________________________________________________________________________ >> UNSUBSCRIBE or access ARSlist Archives at www.arslist.org >> "Where the Answers Are, and have been for 20 years" >> >> >> >> _ARSlist: "Where the Answers Are" and have been for 20 years_ >> _ARSlist: "Where the Answers Are" and have been for 20 years_ >> > > _ARSlist: "Where the Answers Are" and have been for 20 years_ _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the Answers Are, and have been for 20 years"
