Default permissions are causing security risk | Ticket Tool Support | Page 1

maiden geyser Feb 22, 2025, 4:52 AM

#

So there's a basic slash command (/msg) that allows users to message anyone in the server regardless of mutual channel access. Basic slash command permissions are controlled by channels, not roles.
I can turn off slash commands for the category, but tickets aren't synced with the category due to requiring access for the ticket creator.
This has created a situation where unverified users can access and message my members despite not being visible to each other. As we're a vulnerable community that's targeted by trolls and scammers, this is a serious concern for us.

I'm not sure if there's anything that can be done about this, but I figured I'd bring it up, just in case.

last lagoon Feb 22, 2025, 4:57 AM

#

Hey there! So the users are running the command inside the ticket?

maiden geyser Feb 22, 2025, 5:04 AM

#

last lagoon Hey there! So the users are running the command inside the ticket?

Yes. I tested this myself with an alt and it's the only explanation for what's happening.

#

(sorry I forgot I'm not supposed to ping)

last lagoon Feb 22, 2025, 5:05 AM

#

Unfortunately it’s not possible to disable the built-in commands in tickets

maiden geyser Feb 22, 2025, 5:06 AM

#

Ah that's too bad. I'll submit feedback with Discord, thank you!

last lagoon Feb 22, 2025, 5:06 AM

#

You’re welcome, glad I could help! Thanks for choosing Ticket Tool!

#Default permissions are causing security risk