Hi Anil and Harsh ,

Similar to the subscriber management changes, these are requirements we need in place before the end of next week. Please confirm work has begun.

Thanks,

Morgan 

Hi Morgan ,

We are working on this task and will update you soon.

Great. Thanks Harsh .

Morgan

Hello Morgan ,

This task is done and uploaded on dev.islg. Please check and let us know the feedback.

Hi Harsh and Anil ,

The changes look good on dev.islg. However, I just realized that we should probably schedule the migration on Tuesday since Ryan  and I are both going to be out of the office (it's a holiday here in Canada). I'll reschedule all the other to-do's that we're releasing next week as well.

Thanks,

Morgan

Hi Morgan and Ryan ,

This task has migrated on www.islg. We do not test the Delete and Delete All functionality on www.islg. so, Please check and let us know the feedback.

Thank you, Harsh . Delete worked well for me with a single account and when choosing multiple. I haven't tested Delete All either and will leave that up to Morgan and team for when they're ready.

The Notepad link is now gone, however, I don't have a link saved to make sure that visiting the notepad details through a direct URL. Morgan do you have a link you can test? I just want to make sure that now if an admin visits it, they can't see the data.

Thanks!

Ryan

Hi Harsh and Ryan ,

The migrated changes for the archiving system on www.islg look good. Re Ryan 's point on the direct URL's to the Notepad details, I don't have an example to test this. Harsh , could you examine whether this is still possible? Note that we want to ensure that the only way we can access Notepad details through the application is through the front-end user account. There should be no way for a admin user to access these details even with a direct URL.

Also, as we discussed this morning, we'll start work on encrypting the Notepad data on a separate SQL database, but I'll create a separate to-do for this task.

Thanks,

Morgan 

Hi Morgan and Ryan ,

We have tested above scenario and it works fine. Currently, We have given  permission only to following admin user to access the direct URL for Notepad details.

Admin User : mmaguire

For Example,

https://www.investorstatelawguide.com/subscribers/UserTrackingDetail?userid=3010

Note : For tracking the Notepad Details directly through URL, You should have to enter the userid at the end of URL (As shown in above URL)

Please check and confirm.

Hi Harsh ,

I'll let Morgan confirm, but I don't believe we want any admins to be able to access the Notepad details in any way.

Only the client user should be able to see their notepad details through the front-end.

Thanks!

Ryan

OK Ryan . If you don't want to give access the direct URL to any admin user then I will remove the access from all admin users.

Please suggest. 

Hi Harsh ,

I am confirming Ryan 's comment above. No admin user (including me) should have access to Notepad bookmark details. The only way to access this information should be through a front-end user account.

Note that this is separate from the Notepad session details, which will be accessible to admin users as they currently are.

Thanks,

Morgan 

Hi Morgan and Ryan ,

We have removed permission to direct access URL for Notepad details from all admin users on both dev.islg and www.islg.

Please check and confirm.

Great, thank you Harsh

I've attempted to access https://www.investorstatelawguide.com/subscribers/UserTrackingDetail?userid=3010 and http://dev.investorstatelawguide.com/subscribers/UserTrackingDetail?userid=3010 and received no data as expected.

Ryan

Great. Thank you Ryan and Harsh . Assuming no further migrations from dev.islg to www.islg are necessary for this to-do, I'll mark this complete.

Morgan