Security Of Files In The ' .../phocadownload/ Folder

[sparsons]

Hello All,

This is my first post in the Phoca Forum, ...and I am a 'Newbie', ...for sure !

I have searched the Phoca Forum to better understand the relative level of security (protection of) file(s) that have been uploaded to the ../phocadownload/ folder on the server.

My level of understanding to date, .. concerning the access to those files by logging into the Joomla website (..and setting the appropriate permissions) for users, ...is clear and I understand how these features work.

What I am concerned about is a hacker gaining access to those files using a browser, and perhaps the hacker having some knowledge of the Joomla system directory structure, ...and ultimately, ...accessing those files without logging into the site.

I noticed the alias strings in the address bar of my browser when I go to different pages in my Joomla website. Are there ways that hackers can copy and used the alias text strings to break into my ../phocadownload/ folder and access my private files?

Should I be considering an alternative approach, ...or ...does the Phoca Download system already provide a reasonable level of protection for those files on the server?

Thanks for any feedback.

[Jan]

Hi,

1) you can protect the files in this folder by server protection (there you cannot do anything with component, it needs to be done on server side)

2) or you can set own folder - and this can be folder set outside the public_html which is in fact not accessible from internet.

So yes, there are different ways how to protect files using Phoca Download. (there are more methods, e.g. to call the file with some hash, etc. etc.)

Jan