Uploads Module Security
Posted: Wed Mar 21, 2007 9:16 am
Hello,
Sorry if my english is not very good
I use three modules : Uploads, customcontent and frontenduser, to put to registered users, different files. But my problem concerns the link of download of files. When we do a "click right" into the file, we can Copy the download url, but if somebody change, into this link, the upload ID, he can download whatever files, who isn't authorized.
download Url : upload_id=19[/color]&cntnt01returnid=57]http://SiteName/cmsms/index.php?mact=Uploads,cntnt01,getfile,0&cntnt01showtemplate=false&cntnt01upload_id=19&cntnt01returnid=57
I put a .htaccess in the directory Uploads, but it is only functional when we write the complete path of file.
So Can I secure the Upload link?
I hope you understand me
Thanks
Sorry if my english is not very good
I use three modules : Uploads, customcontent and frontenduser, to put to registered users, different files. But my problem concerns the link of download of files. When we do a "click right" into the file, we can Copy the download url, but if somebody change, into this link, the upload ID, he can download whatever files, who isn't authorized.
download Url : upload_id=19[/color]&cntnt01returnid=57]http://SiteName/cmsms/index.php?mact=Uploads,cntnt01,getfile,0&cntnt01showtemplate=false&cntnt01upload_id=19&cntnt01returnid=57
I put a .htaccess in the directory Uploads, but it is only functional when we write the complete path of file.
So Can I secure the Upload link?
I hope you understand me
Thanks