Upcoming: New restrictions on Forms File upload access

mwelch
HubSpot Alumni
What's happening?

We are going to change form file upload urls to require HubSpot users authentication for access/download.

 

New file links will be in the following form: 

https://api.hubapi.com/filemanager/api/v2/files/123/signed-url-redirect?&portalId=123&filename=examp...

We will also change the accessibility of old files. We will update the old file urls on the submissions and contact records. The old, publicly accessible links will cease to work at that time and will return 404 responses.

 

Why is this happening?

HubSpot forms handle a lot of different kinds of information, some of which may be private in nature. To foster trust and ensure proper data handling, we will require HubSpot users authentication to access files uploaded via these forms.

 
When is this happening?

This change is happening on October 16, 2019.

 

Please join the conversation here if you have any comments or questions.

 

Edit (11/07/2019): Link to update on changelog.

72 Replies 72
KeyWestScott
Key Advisor

Any chance of you sharing the "workarounds"?  Not to be pesimistic, but the original plans didn't work out too good....

 

Thanks.

Scott

0 Upvotes
mwelch
HubSpot Alumni

Hi Everyone,

Thank you for your continued patience as we work out how to address the concerns that have been raised here. I’m pleased to report that we have a solution that will address many of those concerns while still maintaining the secure environment on which HubSpot prides itself.

Starting Monday, November 4th URLs for files uploaded via HubSpot forms will have new authentication support. The current implementation supports browser-based app authentication, which enables a user logged in to HubSpot on a browser to download files via that browser. On Monday, we’ll add OAuth header and HAPIkey support. So you’ll be able to retrieve files using standard authentication mechanisms.

Also on Monday, we’ll start migrating existing file URLs to this new format and support. This migration may take a day or two.

We strive to deliver a secure, powerful platform on which our customers can build great experiences. We appreciate the passionate feedback we’ve received over the past few weeks on this issue. 

Thanks,
Matt

0 Upvotes
KeyWestScott
Key Advisor

Matt, so this "user", what security within HS will this user have/require?  Remember, that for most of the folks that have commented here, this user, will have no other responsibility/duties/needs other than to retrieve the file.

 

Without a locked down security profile, this is no more secure than whatever the perceived sercurity risks (that I've yet to find an explanation behind) that brought on this original change.

 

For our application, our process is fairly simple (I do understand that others have more complex setups).  

 

Job resume submission - 

  1. Applicant fills out a form and attaches file to the form
  2. HS takes the form information and file and emails it internally to our HR representative
  3. Representative opens/retrieves the file.

Easy Peasy.....  I do not want this person to have any access to any part of the HS platform outside of getting this forms information and file.  No access to any dashboards, reports, marketing, social - Nothing, Nada, Zilch.

 

Scott

 

cjisndenial
Participant
Scott we did that for a while before we got our automation working. We setup a user who had every permission turned off except files. They could log in to hubspot but basically had a blank UI. They couldn’t even navigate to the Files UI. But they could click the file links in form submission emails and retrieve those.
0 Upvotes
tylerstouder
Participant

@cjisndenial  -

 

This wouldnt work for a large company like ours.  We aren't goin to create a large number of logins and expect our team to try to remember another password for a software that is irreleavant to them to use. 

 

0 Upvotes
rgmatthes
Participant

Just wanted to mention that I'm cautiously optimistic about the solution being rolled out, barring no additional surprises. The update will allow us to deliver our files as needed with minor additional build. We can handle that. We also care about securing the data in these files. We do want to be able to tell everyone using this system that their information is protected.

 

That said, HubSpot really needs to work on a few things here:

 

  1. External communication. When I first called HubSpot about this issue, your support told me this change was communicated to us weeks ago. A post on this form does not constitute communication! Anything that has the potential to adversely affect existing build must be communicated via email to admins, and earlier than a few weeks time (to find and secure developers to update our build). This change wasn't even on your product update blog! You have to understand that businesses have lost real money due to this negligance. This is not just a bug, an annoyance, this is a monetary loss to the businesses you're supposed to be serving. It will affect livelihoods. What's more, you've also completely obliterated our trust. What other core functionality will you suddenly change without warning or workaround? And if you tell us it will never happen again, why should we trust your answer?
  2. Internal communication. I normally really like HubSpot support. This time around, it's clear the change completely caught them offguard too. One person told me the workaround is to programmatically download the file and store it on a separate server, despite that not actually being possible. Another told me there is no planned fix, that this is final state, though clearly a fix was being planned. Today a third rep told me he asked around and found a third-party (paid) app to support our needs, despite your solution being annouced earlier this week (making his idea irrelevant). In short: get it together.
  3. Emailed attachments in workflows. Reading through this chain, I can see much of the pain of this update would have been mitigated if HubSpot allowed attachments to emails sent via workflows. For example, we could have set up a system where submitted forms generated emails (with attachments) that got sent to a unique mailbox, paired with separate automation to upload those emailed attachments to a seperate and internally accessible location. That could have worked for us, but there's apparently no way to send email attachments via workflow. Look at the comments in this thread. So many people are just emailing these files as attachments. Why not listen to your users and implement this basic feature?
KeyWestScott
Key Advisor

Amen to all points, but mostly #3!

 

And then to add a #4 - Have a disaster / fall back plan.

 

Scott

0 Upvotes
zjkaufman
Member

Matt -- 

 

I was glad to read of this solution. Can you offer any update re: rollout? Thank you.

0 Upvotes
mwelch
HubSpot Alumni

As you've likely noticed, new files have the new URL format as of Monday, and existing files are in the process of being moved to the new format.

 

At the same time, we're completing testing of the authenticated download functionality, and will be providing updates and documentation once that is complete. At that time, the files at these new URLs will be accessible via OAuth headers (with the correct scope), API key, and standard, browser authentication.

0 Upvotes
KeyWestScott
Key Advisor

Matt / @mwelch Tried as of today and it seems that no consideration was given for setting up a user account, for file access only??

 

I have a test user that I have given them NO permissions in the Hubspot portal.  Yet, upon logon this user has acccess to:

  • Activity Feed
  • Conversations
    • Inbox and Chatflows
  • Files ( HUGE security hole!!!!!!!!!!!!!!!! )
  • Deals - Can create
  • Tasks - Can Create
  • Service - Can create tickets
  • Reports
    • Analytics Tools
    • Dashboards
    • View Reports

#1 How can a user that has effectively been given NO access rights, be able to access so much of the system?  The files portion is a gaping hole.  They could effectively delete every file in the website...!!!!!!!!!!!!

 

#2 How are we to access these files, SECURELY. Since security  was the motivating factor in this project, there has to be a way to do exactly that.

 

Scott

PTPsupports
Participant

Has this solution rolled out yet?

 

If yes: Hubspot is still requiring recipients to sign into hubspot to view attachments.

If no: I'm confused about how this solution solves anything.

 

Please give us a status update, so we don't have to test it and look like idiots when our superiors ask us what's going on. "Hubspot not updating us" is not an acceptable excuse.

KeyWestScott
Key Advisor

For everyone else that the "fix" is not applicable or workable, what I did was basically to just go back old school and add  "mailto" html code and removed the Hubspot form.

 

I know that for many, getting that infomation into HS is important, so this will probably not be a solution to you.  But, we had to get something working, since there was no workable resolution presented.

 

Scott

Birgitte
Participant

Hi Matt

I just wanted to add that we, when using your application also have a responsibility to ensure the safety of passed files. So in the end it is our responsibility so ensure secure handling. Which is why I believe the roll-back is an appropriate action. Set a disclaimer to stay in the clear. And let us take responsibility of our shared files. 
Best wishes Birgitte

KeyWestScott
Key Advisor

Sorry to be the sticking point here.  But, its now been 2 days (now after 5pm EST on Friday) since your last update and we still don't have a workable system or even ideas as to how or when we might expect a resolution to this issue.....

 

I assume that HS has a Persona for frustrated customers! ! ! 

 

Scott

tylerstouder
Participant

Any updates?

mwelch
HubSpot Alumni

Hello everyone,

 

As I mentioned in my last update, our team has been actively investigating potential workarounds for this issue. Regrettably, in order to maintain data security, we have come to the conclusion that we will not allow files that have been uploaded via forms to be accessible publicly.

 

We are currently working on methods to allow these files to be accessed in an authenticated manner, in addition to the currently-available access through a HubSpot-logged-in browser. More information on that will be available later this week.

 

I know this is not the answer many of you were looking for, and am very sorry for any frustration and inconvenience this will cause.

 

Thanks,
Matt

0 Upvotes
tylerstouder
Participant

So in short....our buisness we would have to create an extra 40 users to be able to access these?

KeyWestScott
Key Advisor

Hate to harp on it, but in addition to having to create those 40 new users. As part of this whole issue, of making the process more "secure" you will have to give these new users (as it stands now) access to parts of Hubspot that you most likely will not want them to have access to.  Since HS does not allow a granular application of security rights.

 

We will most likely, if things do not improve, abandon this whole process and look for another provider or methodology of having files submitted to our company.

 

If HS really wanted to beef up security, they could have simply had a means to enforce the types of files being uploaded, ie; not allowing Word/Excel/etc that have imbeded macros....  Poof - More Secure Files.

 

Scott

tylerstouder
Participant

I know...this might be the reason to push us to salesforce. 

4392087
Participant

Have you told your partner integration developers this? You can no longer provide a partnership with these integrations? Very confused on this road block, especially since this prevents automation. Surely if us and our partners can provide a new work around on the API it can still be secured and will lie on our end the protection rights vs HubSpot since it will be sent to another platform and thus out of your hands. 

PTPsupports
Participant

This is very bad. Like the rest of your upset customers, I will be researching hubspot alternatives and sharing this experience with colleagues, public reviews and social media circles.

 

For now, my work-around is to use gravity forms WP plug-in. The attachments are sent through HS the same way, but via a link sourced from my webserver. This is not ideal b/c it takes up server space and as with all plug-ins, there is a risk of issues popping up. This is also not a fix for my HTML site that we haven't migrated to WP yet.

 

Not looking good Hubspot!

 

 

0 Upvotes
zjkaufman
Member

My organization is dramatically impacted in a similar fashion to those that have commented previously. This change has significantly hindered our operational pipelines, and I do not feel messaging was adequately conveyed nor defended by Hubspot. We have the technical resources to respond to a change in spec/API access, but not the operational bandwidth to compensate for poor management of your functionality.

 

Looking forward to hearing re: a resolution in this thread as the week progresses.

Codi
Member

Please is there an update on this issue, especially for those who used to connect to Hubspot api? Is there a workaround as this change has "killed" our automations around Hubspot?
Surely it does not make sense to keep paying the normal Hubspot subscription fees when this key feature is not available as this situation has created manual jobs in my Organization, where we did not even have the extra manpower.

tylerstouder
Participant

That is excatly what I did.   

mwelch
HubSpot Alumni

We have posted a new changelog entry that details the updates to support authenticated access to these files, and which contains links to relevant documentation. Thanks for your patience as we built these new capabilities.

0 Upvotes
tylerstouder
Participant

Can this be done in Zapier?  Glad we have to use development resources to accomplish this.

KeyWestScott
Key Advisor

So, in reading this...  And please correct me if I'm wrong.  The only way to get a file is to have a developer write an "app" of some sort?  **bleep**?????

 

You still have not, as documented, provided a SECURE means of a regular HS user to access these files.

 

Scott

samanthacrist
Participant

Anyone know a developer who could record this process on a VidYard tutorial and post it? I've tried setting this up myself using the resources but it's like it's in another language. I'm completely lost.

 

@mwelch please look into additional options for us non-developers.

0 Upvotes
samanthacrist
Participant

Jumping in on the bandwagon so I can get email updates.

 

As many of you have already indicated in this thread, this functionality is severely limiting.

 

I have been working since July with my Human Resources team to automate a significant portion of their Applicant Tracking System because they are short-staffed and are drowning in applicants.  We just launched it completely this week and so it was very disappointing to learn that we now might not be able to automate those resumes/cover letters to go to the hiring managers for the open positions.

 

I'm familiar with HubSpot making changes on the fly (been using them since 2016) -- and I admit that it is usually for the better -- but this change has me scratching my head. Thanks for the link to the changelog -- this is now bookmarked on my browser and I will reference it frequently.

 

@mwelch I really do hope you and your team come up with a solution. Maybe a toggle setting within the property to opt-in and out of this functionality? You could always default it to "on", then we (the users) could just turn it off for the ones that interact with our internal workflows. Or even if you could designate the workflow as an internal workflow so you can bypass that rule.

0 Upvotes
samanthacrist
Participant
Spoiler
 

Has there been any updates?