Security question

  • maxsupernova

    (@maxsupernova)


    12 years ago

    Hi there,

    Searching the help forum here, I found that Moneygala asked this question at the end of a thread 4 months back and didn’t get a reply. I have the exact same question:

    “On the subject of security:

    Files are simply uploaded to the ‘uploads folder’ – by typing the general upload location in the browser, all uploaded files are visible to the public.

    Do you have any plans to resolve this or indeed a ‘work-around’?”

    https://www.ads-software.com/extend/plugins/sp-client-document-manager/

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author smartypants

    (@smartypants)

    In the latest version you can move your directory, also it is recommended that you disable directory indexing on your server. In the future we have plans to move the uploads directory to a non web accessible directory but this will have major conflicts across the board with servers that don’t support fread() to serve files.

    Squirrel

    (@mossyoak)

    This may be useful/ relevant: I found a possible solution for protecting the uploads folder to users who are not logged in.
    I tried it a while back and it did work.
    stackexchange link.

    Plugin Author smartypants

    (@smartypants)

    Yeah that should work, when it comes down to security the plugin can only do so much. You have to harden your server as well.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Security question’ is closed to new replies.