Disable file attachment URL sharing, require login

Youtrack has the feature where attachment URLs are generated with a signature that grant access through a token. They can be shared to those without a login.

Browser copied URLs last 3 days and notification email URLs last 2 weeks.
Documented here: https://www.jetbrains.com/help/youtrack/standalone/Add-an-Attachment.html#links-to-issue-attachments

We would like to disable the token-based access to attachments and always require login. Is there a setting or experimental feature that would accomplish this?

This convenience feature is not intuitive, and seems like it should not be enabled by default, or at least should be removable for security requirements.

1 comment
Comment actions Permalink

It is not possible to disable token-based access to attachments.
If you suspect that some user has shared a link to a file with sensitive information, you can either restrict the visibility of the issue/comment with the attachment to exclude the user who attached the file, or delete the file completely.


Please sign in to leave a comment.