Secure Attachments

Started by lupus, April 02, 2007, 04:32:54 PM

lupus

Would be nice if there was a way that when you attach a file it couldn't be got at except from the specific post...

At the moment if you know the path and the original file name you can bypass any member group permission and get it that way...


青山 素子

If you know the direct path, you can get any file you want; it is the way a webserver works.

Now, if you move the path to the attachments folder so it is outside the web root, then you can enforce going through the normal URL (although you could just access that URL, you can't really enforce per-post).

So, if your host gives you FTP access that looks similar to the following:
|
-- public_html

Then, just create an attachment folder that sits alongside the website folder, fix permissions, and adjust your attachments path in SMF. All files will now be stored outside the website area and will need to be accessed through the SMF scripts. You'll also need to move all the existing files over to the new folder if you do this.
Motoko-chan
Director, Simple Machines

Note: Unless otherwise stated, my posts are not representative of any official position or opinion of Simple Machines.
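
What "accessed through the SMF scripts" amounts to, as an added example that is not part of the original posts and not SMF's own code: a minimal PHP download handler that checks member-group permission before reading from a folder outside the web root. The directory path, attachment table, file names and session field are hypothetical.

```php
<?php
// Added illustration, not SMF code. Assumption: this folder sits beside
// public_html, so the web server cannot map any URL onto it directly.
const ATTACH_DIR = '/home/example/attachments';

// Constructed sample metadata; a real forum would read this from its database.
const ATTACHMENTS = [
    17 => ['stored' => '17_a3f9c1.dat', 'name' => 'report.pdf', 'groups' => [1, 2]],
];

/** Return the absolute path if one of $memberGroups may read attachment $id, else null. */
function resolve_attachment(int $id, array $memberGroups, string $baseDir = ATTACH_DIR): ?string
{
    $meta = ATTACHMENTS[$id] ?? null;
    if ($meta === null || !array_intersect($meta['groups'], $memberGroups)) {
        return null; // unknown id and missing permission get the same answer
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . '/' . basename($meta['stored']));
    // realpath() returns false for missing files; the prefix check rejects
    // anything (e.g. a symlink) that resolves outside the attachments folder.
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

function serve_attachment(int $id, array $memberGroups): void
{
    $path = resolve_attachment($id, $memberGroups);
    if ($path === null) {
        http_response_code(404);
        return;
    }
    // The original file name is only used for the download prompt, never for lookup.
    $name = preg_replace('/[^A-Za-z0-9._-]/', '_', ATTACHMENTS[$id]['name']);
    header('Content-Type: application/octet-stream');
    header('X-Content-Type-Options: nosniff');
    header('Content-Disposition: attachment; filename="' . $name . '"');
    header('Content-Length: ' . filesize($path));
    readfile($path);
}

// Entry point, e.g. download.php?id=17; $_SESSION['groups'] is a hypothetical field.
if (PHP_SAPI !== 'cli') {
    session_start();
    serve_attachment((int) ($_GET['id'] ?? 0), $_SESSION['groups'] ?? []);
}
```

Because the file is looked up by numeric id and stored under an unrelated name, knowing the original file name no longer gives a way around the permission check.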

