XI email notifications Respond link (security concern)

jwelch
Posts: 225
Joined: Wed Sep 05, 2012 12:49 pm

XI email notifications Respond link (security concern)

Post by jwelch »

Found a thread that indicates that anyone that has access to the notification link
can gain access to XI as the user that the notification was generated for
and that this is the expected behavior.
The workaround was to use Admin->Notification Management to remove the response
url from the notification template.

I'd like to change the default email format, but that function is now only available in the Enterprise version (which we do not have)
and I've already used the 30 day trial to check out the audit log functionality.

How can I manually change the default email format for all new users? (don't really want to have to get 100 folks to manually change their settings, but I guess I have no choice for existing users)

---
This is expected behavior.
If you do not want the response URL in the email messages you can remove the following line from the Host/Service message either on a per user basis in the user's Notification Messages, or globally in Admin -> Notification Management (in 2012).
---
sreinhardt
-fno-stack-protector
Posts: 4366
Joined: Mon Nov 19, 2012 12:10 pm

Re: XI email notifications Respond link (security concern)

Post by sreinhardt »

If you are on 2.2 or 2.4 there is now a configuration option that allows you to disable the auto login, on future links (2.2) or all links ever generated (2.4), without modifying the notification template.

Code:

if $cfg['secure_response_url']=1 is set in the config.inc.php
Nagios-Plugins maintainer exclusively, unless you have other C language bugs with open-source nagios projects, then I am happy to help! Please pm or use other communication to alert me to issues as I no longer track the forum.
jwelch
Posts: 225
Joined: Wed Sep 05, 2012 12:49 pm

Re: XI email notifications Respond link (security concern)

Post by jwelch »

Thanks for the quick response. I put that line in
/usr/local/nagiosxi/html/config.inc.php
and it appears to work as expected.
(links now return: Rapid Response URL's have been secured. this link is no longer valid.)

I (and our IS department) thank you!
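
An added example, not part of the thread and not Nagios code: a shell check that reports whether $cfg['secure_response_url'] is actually live in a config.inc.php, ignoring commented-out copies and honouring the last assignment. The function name and the sample file are constructed for illustration; only the key and the value 1 come from the posts above.

```shell
#!/bin/sh
# Added example (not Nagios code): report whether a Nagios XI config.inc.php
# sets $cfg['secure_response_url'], the option named in the thread.
# Prints: enabled | disabled | unset | unreadable

secure_response_url_state() {
    cfg_file=$1
    if [ ! -r "$cfg_file" ]; then
        echo unreadable
        return 0
    fi
    # Match only live assignments: the line must begin with $cfg[...], so
    # copies commented out with // or # are skipped. PHP runs assignments
    # in order, so the last one wins. (Multi-line /* */ comments are not handled.)
    line=$(grep -E "^[[:space:]]*\\\$cfg\[['\"]secure_response_url['\"]]" "$cfg_file" | tail -n 1)
    if [ -z "$line" ]; then
        echo unset
        return 0
    fi
    # Strip everything up to "=", an optional quote, and the trailing ";".
    value=$(printf '%s\n' "$line" |
        sed -e 's/^[^=]*=[[:space:]]*//' -e "s/^[\"']//" -e "s/[\"']\{0,1\}[[:space:]]*;.*//")
    # Assumption: only 1, the value given in the thread, counts as enabled.
    case $value in
        1) echo enabled ;;
        *) echo disabled ;;
    esac
}

# Constructed sample config: a commented-out copy, then an off and an on setting.
sample=$(mktemp)
cat > "$sample" <<'EOF'
<?php
// $cfg['secure_response_url'] = 0;
$cfg['secure_response_url'] = 0;
$cfg['secure_response_url']=1; // added per forum advice
EOF
secure_response_url_state "$sample"   # → enabled
rm -f "$sample"
```

On an XI server, call the function with /usr/local/nagiosxi/html/config.inc.php, the path given in the post above.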