hwdevteam VIP
Total posts: 76
04 Март 2014 01:39

I assume this is a bug? or at least an oversight.

Our Client has reported that their customers are able to download a file from a Joomla Article (Type > Field> Uploads) that is supposed to be a members only download.

They are using the file link as generated in the web page, however the link points to the file in the uploads folder directly.

I can only assume that there can be no protection on the actual file, as there is no php proxy script checking ACL authority, and then getting and downloading the file.

So how do I protect files in Cobalt ?

Cheers, Pete


Sergey
Total posts: 13,748
04 Март 2014 04:51

Please in updalods file parameters disable direct file access [1]

2014-03-04_10-49-39

Force to download makes none direct URL. Now you can protect it with ACL [2]


hwdevteam VIP
Total posts: 76
04 Март 2014 11:11

Hi Sergey,

Yep - that works..

Thanks!!

Работает на Cobalt