Self Hosted - Self-hosting your services.

19456 readers

29 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules

No harassment
crossposts from c/Open Source & c/docker & related may be allowed, depending on context
Video Promoting is allowed if is within the topic.
No spamming.
Stay friendly.
Follow the lemmy.ml instance rules.
Tag your post. (Read under)

Important

Lemmy doesn't have tags yet, so mark it with [Question], [Help], [Project], [Other], [Promoting] or other you may think is appropriate. This is strongly encouraged!

Cross-posting

!everything_git@lemmy.ml is allowed!
!docker@lemmy.ml is allowed!
!portainer@lemmy.ml is allowed!
!fediverse@lemmy.ml is allowed if topic has to do with selfhosting.
!selfhosted@lemmy.ml is allowed!

If you see a rule-breaker please DM the mods!

founded 5 years ago

MODERATORS

dogmuffins@lemmy.ml

testman@lemmy.ml

Zoe8338@lemmy.ml

End-2-end-encrypted ticketing system for help desk (brainstorming a software stack) (lemmy.ml)

submitted 1 day ago by dengtav@lemmy.ml to c/selfhost@lemmy.ml

6 comments fedilink hide all child comments

Hey all, I would like to do some brainstorming here :) People use ticketing systems for a variety of purposes and I can relate with that, since those systems make organizing collective work load in groups, especially those who don't meet everyday in person, a lot easier.

There are lot of ticketing systems around and I really like some of them, such as zammad, e.g. In recent days I heard several people discussing different workflows for there community organizations or other civil projects, where ticket systems could really provide some help for them. The problem with all ticketing systems is, that non of them provides a real ability for end-to-end encrypted (e2ee) communication, which apparently was a proper concern.

The main problem here is, that real e2ee has to be implemented via a client (desktop) app. Yes, zammad also provides some "support for pgp", but the problem here is, that the pgp keys are stored on the server itself. So when the server gets compromised, the attacker will be able to just take the (d)encryption keys alongside with the actual encrypted messages. This obviously breaks the fundamental idea of e2ee, not having to trust the server itself for data confidentiality.

Thats why I think it needs a client side solution for this. Now I think there are two options here:

Build a client app for an existing ticketing system
Build a server applications, that can be talked to through existing (maybe modified) mail clients

I see pros and cons for both here. Pros:

Building a client app for an existing ticketing service saves one the time to reinvent all the complex ticketing logic
I don't know anything about coding frontends (GUI's, javascript, etc), I could just take an existing client

Cons:

See Pro for 2.
See Pro for 1.

Since I am not a software developer, I thought I'll ask around here for some thoughts, opinions and tips :)

Talking about taking/forking/using ether an existing client or server app, I would only considers a popular/proven and not some edge products. Thanks, if you made it all the way down here :)

you are viewing a single comment's thread
view the rest of the comments

[–] solrize@lemmy.ml 2 points 1 day ago

Oh no not another client app. Just use a web app. E2EE doesn't help much for this since there has to be stored decryption keys, probably held by multiple people. So those are targets too.