Contact for Risk Assessment Questions

ntholling
I have been using Zotero for over 8 years and love it. I recently started introducing others to Zotero at my place of employment. To get IT's blessing on the software, IT is asking for someone from Zotero to whom I could direct a few security questions. Would someone from Zotero please contact me directly to facilitate the conversation?

Thank you,

Nathaniel Hollingsworth
  • dstillman Zotero Team
    The security information we provide is here:

    https://www.zotero.org/support/security

    If there are other questions, they can be posted here, though that page includes basically all the information that we have to share.
  • ntholling
    Thanks, dstillman. One other question: since IT's major hangup is the ability to sync to Zotero's servers, would it be straightforward to implement some sort of engineering control that would prevent syncing? Such as blocking the web protocol and ports to get to Zotero's sync server or compiling a custom version of the code with the syncing commented out (which my organization would do)?
  • adamsmith
    You can't block the ports for syncing since Zotero uses standard https ports for both sync and to e.g. download PDFs associated with articles or search by identifier, so if you block Zotero from syncing you also block all sorts of other functionality

    It would be reasonably easy for IT to create a version of Zotero without the sync pane of the preferences, which would make it impossible to enter username&password to sync, but that would require patching & releasing the Zotero software with each update, which is fairly frequent.
  • ntholling
    Thanks, Adam. I will bring that feedback back to IT.

This is an old discussion that has not been active in a long time. Before commenting here, you should strongly consider starting a new discussion instead. If you think the content of this discussion is still relevant, you can link to it from your new discussion.

Sign In or Register to comment.