NEW V3.11
To enhance the security of SAM and prevent malicious actors from using SAM redirection links to point users to fraudulent sites hidden behind a valid-looking URL, we have put in place additional restrictions for customers who use the URL builder to generate URLs with redirections that send customers to a URL other than their SecuTix internet point-of-sale. All external URLs used in redirections must now be whitelisted in the system prior to sending the campaign.

How to get started

To address this risk, the SAM functionality will now only allow redirections to trusted sites that are whitelisted in the backend point of sales configuration. This list can be found on the "Gravity" tab, as shown on the right. Note that this security risk only applies to customers using the redirectTo parameter in the email campaign link to redirect customers to a website other than the ticketshop.

The list consists of a single domain per line. To allow a SAM redirection to an external site (different from the point of sales), the domain of the site must appear in this list. Access is also authorized for subdomains of those listed here.

If left empty, redirections will only be allowed to the domain of this point of sale (including subdomains).

For example, to authorize redirections to https://secutix.com, the list must include secutix.com. Any subdomain of a whitelisted domain, such as subdomain.secutix.com, will also be authorized.
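The matching rule described above can be sketched as follows. This is an added example, not SecuTix code: the function names, the constructed point-of-sale domain `tickets.example.org`, and the assumption that the point-of-sale domain stays allowed when the list is non-empty are all illustrative. It shows why subdomain matching has to happen on a label boundary and on the parsed host, not on the raw URL string.

```python
from urllib.parse import urlsplit

# Constructed sample configuration (not taken from a real point of sale).
POS_DOMAIN = "tickets.example.org"
ALLOWLIST = "secutix.com\n"


def parse_allowlist(text):
    """One domain per line; blank lines ignored; compared case-insensitively."""
    return {ln.strip().lower().rstrip(".") for ln in text.splitlines() if ln.strip()}


def host_matches(host, domain):
    # Exact match, or a true subdomain. Requiring the leading dot keeps
    # "evilsecutix.com" from passing as a subdomain of "secutix.com".
    return host == domain or host.endswith("." + domain)


def is_redirect_allowed(redirect_to, pos_domain=POS_DOMAIN, allowlist_text=ALLOWLIST):
    """Return True if the redirectTo target is the point of sale, a listed
    domain, or a subdomain of either."""
    # Backslashes, whitespace and control characters are parsed differently by
    # browsers and by URL libraries, so refuse them outright.
    if any(c == "\\" or c.isspace() or ord(c) < 0x20 for c in redirect_to):
        return False
    try:
        parts = urlsplit(redirect_to)
        host = parts.hostname  # drops userinfo ("user@") and port
    except ValueError:
        return False
    # Only absolute http(s) URLs; rejects "//host" and "javascript:" targets.
    if parts.scheme not in ("http", "https") or not host:
        return False
    host = host.lower().rstrip(".")
    # Assumption: the point-of-sale domain is always allowed; an empty list
    # therefore leaves only that domain and its subdomains.
    allowed = parse_allowlist(allowlist_text) | {pos_domain.lower()}
    return any(host_matches(host, d) for d in allowed)
```
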