Constituent attachments download in web view

Bobbi Rawlings
Bobbi Rawlings
Second Anniversary Participant Facilitator 1
in Blackbaud Raiser's Edge NXT®: General Discussions

We have found that if we look at a constituent's attachments in web view, the attachment will download to the viewer's computer into the download folder. Not good when this information is proprietary. Does anyone know how to force the document to open in a browser window and NOT download to the viewers download folder? I've tried right clicking on the pdf icon and opening the document in a different tab or window. But it keeps downloading the document!

5fe0dfc73a69ed82de8d8ec94ba32b4f-huge-im

Comments

  • Karen Diener
    Karen Diener Community All-Star
    Tenth Anniversary Kudos 5 First Reply Name Dropper

    @Bobbi Rawlings Really good question! I don't think it is possible, but hoping someone can prove me wrong!

    Karen

  • Faith Murray
    Faith Murray
    Tenth Anniversary Kudos 5 First Reply Name Dropper

    @Bobbi Rawlings
    This needs added to the Idea Bank!

    On the coin side, since all data in Raiser's Edge is proprietary, and your users have the ability to run Lists, see giving history, etc. – I think this relates to the larger issue of having a non-disclosure agreement upon employment and only providing access to trusted staffers. Those users who are not trustworthy enough to access proprietary information (and respect company download policies) should have viewing privileges restricted under Security. Company policies should include minimum antimalware software on any company/personal device that may access RE, to prevent password pilfering and unintended data ransoms.

  • Dariel Dixon
    Dariel Dixon Community All-Star
    Seventh Anniversary Kudos 5 First Reply PowerUp Challenge #3 Gift Management

    @Bobbi Rawlings This is going to be a really provocative question. I vacillate about this because I can see the use case for both. I think it's worth noting that in the image that you have the attachments are all PDFs. While I don't necessarily agree with the practice, you can attach editable documents like spreadsheets and Word documents. I believe that if you upload an attachment to a record with the same name as a previous document, it overwrites the previous version. There may be a time when you want to have an editable document on a record, and having to manipulate it within a browser may be undesirable.

    I don't know if the issue of a download versus a link is really negating any security risks or not. We hope that staff are not accessing RE from public computers and are using employer issued devices, we know it can happen. Like @Faith Murray mentioned, that's where confidentiality agreements and having an IT staff that will make sure drives are encrypted comes into play. Having a document open in a browser is irrelevant if it is not a link and is opening from a cached location locally. I'm not sure if it is possible to have documents open as links, or if that is a bigger security vulnerability. Having them download to the default location also allows for easier cleanup and deletion when the user is done with them.

    All that said, I think it does deserve to be in the idea bank to at least start the conversation with the developers.

Categories