Important – Documents Should be Private and they are Publicly Accessible!

  • Resolved jacdesigner

    (@jacdesigner)


    6 years, 2 months ago

    I have tried reviewing in detail multiple times the settings under File Options.

    This entire site requires a login and all documents are intended for employees who login only. I have checked the box for Options > Settings > Configuration Settings > File Options > Hide all Files (Non Members)

    BUT a visitor who is not logged in at all can still go straight to the file link in a browser and access it as a PDF, etc. This is a security issue – how can we keep them totally private to only logged in members?

Viewing 10 replies - 1 through 10 (of 10 total)
  • Plugin Author bhaldie

    (@bhaldie)

    goto Options > Settings > .htaccess File Editor and tell me the contents of the text area.

    Thread Starter jacdesigner

    (@jacdesigner)

    Deny from all
    Options +Indexes
    Allow from .google.com

    Plugin Author bhaldie

    (@bhaldie)

    can you try this as a test goto one file, and click manage file and switch the File status to Private.

    Then try and see if that file is downloadable.

    Thread Starter jacdesigner

    (@jacdesigner)

    I tried looking for that option, but I see nothing about “File Status” on a single file when I go Manage File.

    Thread Starter jacdesigner

    (@jacdesigner)

    I am able to view the settings of a file (left click on file name) and see it shows “File status: Public” but I am not able to edit that status. If I click Manage File there is no field available to alter file status at all. Only name, description, browse for file, categories. Is this a known bug or conflict?

    Plugin Author bhaldie

    (@bhaldie)

    goto Options > Settings > Displayed File Properties > make sure ‘Show upload file status’ is checked. Then try again.

    Thread Starter jacdesigner

    (@jacdesigner)

    Hi bhaldie.

    Thank you for allowing me to see the file status option. I have been able to get it to appear and use it to change a file from Public to Private.

    But there is still an issue.

    If I change a file to Private, it will only allow me as the admin who posted it to view it. None of my subscriber level users can view it.

    So to be clear, I want to ensure that any file that is uploaded in Memphis Docs is only accessible to a logged in user (any level).

    Plugin Author bhaldie

    (@bhaldie)

    yes, I just wanted to test out this functionality to see if it works. I know that this will make it private to all users.

    The next step would be to put the file back to public, and disable all other plugins, also making sure that you have this setting click Options > Settings > File Options > Hide All Files: (Non Members).

    Then try again with a non logged in user to see if they can see the file.

    Thread Starter jacdesigner

    (@jacdesigner)

    Thank you very much for your helpful prompt support. I now believe the plugin is working fine, but some of these complaints we received about files are related to user error on the part of the admin’s procedures and subscribers. They seem to be accessing files outside of the plugin altogether in some occasions. I will escalate this to the IT person and assume there is not an actual issue in your plugin.

    Plugin Author bhaldie

    (@bhaldie)

    sounds good, let me know if you need any other assistance .

Viewing 10 replies - 1 through 10 (of 10 total)
  • The topic ‘Important – Documents Should be Private and they are Publicly Accessible!’ is closed to new replies.