2016 Nov 25 7:29 AM
Hello,
following a moderator suggestion, I'm posting this question here.
When uploading a file from my PC to the community let's say in
a question I ask, parts of the storage location and my I-number are
shown to everybody as they are being part of the attachments name.
An example would be 'cusersi123456desktopcomm02.jpg'.
This should be corrected.
Hendrik
2016 Dec 14 4:41 PM
Hi everybody,
first I'm sorry that we haven't replied earlier.
This one here is an important issue - exposing sensitive information is a real no-go. Unfortunately, the way how the file name on the server is generated is a core functionality by AnswerHub (the platform SAP Answers is using). We already opened a bug ticket to the vendor to get this resolved. However, you can influence this behavior yourself by changing a setting in the Internet Explorer.
Open Tools -> Internet Options -> Security -> Custom level... and in the upcoming dialog search for Miscellaneous -> "Include local directory path when uploading files to a server". If you have this issue, it looks like that on your machine:
Set this value to disabled and you're done!
Most certainly this issue only occurs on SAP-operated machines as we have *.sap.com in the list of Trusted Sites in IE (Colleagues, just have a look there which sites are also trusted, it might be interesting). Of course, if you have *.sap.com in the list of trusted sites or you explicitly switched on this "feature" and you are not an SAP employee, this issue affects you as well.
As mentioned, we are trying to get this issue solved in the core functionality by let the system only use the file name. Until then thank you for your understanding!
Best regards,
Sebastian
for the SAP Community Team
2016 Nov 25 8:06 PM
I might expect the original filename to be visible, although that could easily be masked also I guess, but to make the whole file path, including in this case a user name, is definitely not a good idea.
Steve.
2016 Nov 30 8:10 PM
Is there a way to change this generated filename manually?
2016 Nov 30 8:25 PM
I have not yet seen this described case and I uploaded many pictures already and I see many embedded pictures and attachments during the day.
I just attached this and it has only the name, no directly, nothing from my user ID:
And yes, the displayed can be changed, click the link of the attachment and select Edit:
2016 Nov 30 8:47 PM
Hi, Hendrik:
I wonder if it has something to do with being an SAP employee -- although I've not heard of any other colleagues reporting this (or even experiencing it myself, for that matter).
Let me check with some people and get back to you...
Best regards,
--Jerry
2016 Nov 30 9:33 PM
2016 Nov 30 9:35 PM
2016 Dec 01 11:05 PM
I uploaded this in IE11, Windows 7, 32-bit, not part of a domain. I used a picture from a folder in my C drive.
I don't seem to encounter such issues.
No problems in Firefox ESR and Pale Moon either, I would have noticed that.
2016 Dec 01 11:13 PM
Windows 10 Enterprise 1511 here on my laptop, and it is reproducible. When DEV gets around to troubleshooting or digging deeper into this, I am happy to support their efforts to fix this.
2016 Nov 30 9:38 PM
Apparently Chrome only uses the file name, so I guess you can say that I 'see' the problem. Same image, trimmed to the all seeing eye - so perhaps this is unique to IE ?
2016 Nov 30 9:41 PM
Final test - comments and answers act the same in Chrome (only the file name is revealed after the upload), so if the DEV team can hear me, it would app'ear' that IE is causing this issue and not Chrome.
2016 Nov 30 9:43 PM
I provided some test cases below using IE 11 and Chrome. Problem appears to be constrained to IE - not sure about Firefox or other possible browsers.
2016 Nov 30 10:05 PM
Hi Jerry.
From my point of view it has nothing to do with being an SAP employee. I ran into the issue some days ago (w/ IE11 as Jeremy described below).
Kr
Martin
2016 Dec 01 6:31 AM
Thanks to everybody investigating this!
Indeed I only use the standard IE coming with the installation image.
So far, I did not see this in other posts I was active in and where pictures
were uploaded. Might also be related to the location where my pictures
were stored, I did not try with something else as source such as C:\tmp.
2016 Dec 01 4:24 PM
Thanks for notifying me, Martin. I have opened a bug ticket in the hopes of resolving.
2016 Dec 01 4:29 PM
Thanks for that, Jeremy...although I was tempted to downvote simply because of what you chose to photograph. 🙂
Joking aside, I updated a bug report to indicate that a) it affects more than SAP employees and b) may be limited to IE (possibly also Firefox).
2016 Dec 14 4:41 PM
Hi everybody,
first I'm sorry that we haven't replied earlier.
This one here is an important issue - exposing sensitive information is a real no-go. Unfortunately, the way how the file name on the server is generated is a core functionality by AnswerHub (the platform SAP Answers is using). We already opened a bug ticket to the vendor to get this resolved. However, you can influence this behavior yourself by changing a setting in the Internet Explorer.
Open Tools -> Internet Options -> Security -> Custom level... and in the upcoming dialog search for Miscellaneous -> "Include local directory path when uploading files to a server". If you have this issue, it looks like that on your machine:
Set this value to disabled and you're done!
Most certainly this issue only occurs on SAP-operated machines as we have *.sap.com in the list of Trusted Sites in IE (Colleagues, just have a look there which sites are also trusted, it might be interesting). Of course, if you have *.sap.com in the list of trusted sites or you explicitly switched on this "feature" and you are not an SAP employee, this issue affects you as well.
As mentioned, we are trying to get this issue solved in the core functionality by let the system only use the file name. Until then thank you for your understanding!
Best regards,
Sebastian
for the SAP Community Team