How Does Workflow Admin Prevent Somebody Else From Intercepting A Notification And Respond To Someone Else's Email by Forging the From address? (Doc ID 1664184.1)

Last updated on FEBRUARY 01, 2017

Applies to:

Oracle Workflow - Version 12.1.3 to 12.2 [Release 12.1 to 12.2]
Information in this document applies to any platform.

Goal

The goal for this note is to clarify how the mailer functions internally in addition what is described in <Note 1191125.1> for the following Questions:

  1. What will happen if the original recipient of the email forwards the email (with the Approve button in the email) to someone else inside or outside of the organization intentionally or unintentionally and that person clicks on Approve button. Will that person be able to approve? If yes, how to prevent it?
  1. How Oracle will ensure veracity of user responses because “From:” addresses are trivial to forge. Notification ID (NID) is only an index and is included in the notification email. In other words, How somebody else couldn’t intercept a notification and respond to someone else's email forging the From address?

Solution

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms