External acess to userupload folder
Posted: 10 Mar 2012, 09:45
Hello,
First of all, congratulations on a great work with this extension.
I recently started using it for a university class web which inludes a document storage and sharing area. Works just fine.
Registration is limited and there are some internal documents which are not to be acessible except for some users. Downloads only visible/acessible to registered users, upload and delete only to a few of those (managers). That part I figured out but there's still the possibility of direct folder/file acess by an external direct link safety (which could be easily figured out if you find the installed folder structure). So, I passed the general folder to a non-public server folder. That worked. There I can upload most of the files by ftp and use multiadd. That solved most of it but one doubt came up.
User-uploaded files are stored in another folder, inside the phocadownload folder (both can be changed in options/config) but are these always in the public section? Or can that be changed to the non-public area with absolute path as well?
Having FTP layer should allow users to write in the non-public section trough joomla right?
Is there another way to do this or can we just assume that the user-specific folder which is created "enconded" within the userupload folder is enough to make cracking the strucuture a chalenge?
Thanks,
Ricardo M.
First of all, congratulations on a great work with this extension.
I recently started using it for a university class web which inludes a document storage and sharing area. Works just fine.
Registration is limited and there are some internal documents which are not to be acessible except for some users. Downloads only visible/acessible to registered users, upload and delete only to a few of those (managers). That part I figured out but there's still the possibility of direct folder/file acess by an external direct link safety (which could be easily figured out if you find the installed folder structure). So, I passed the general folder to a non-public server folder. That worked. There I can upload most of the files by ftp and use multiadd. That solved most of it but one doubt came up.
User-uploaded files are stored in another folder, inside the phocadownload folder (both can be changed in options/config) but are these always in the public section? Or can that be changed to the non-public area with absolute path as well?
Having FTP layer should allow users to write in the non-public section trough joomla right?
Is there another way to do this or can we just assume that the user-specific folder which is created "enconded" within the userupload folder is enough to make cracking the strucuture a chalenge?
Thanks,
Ricardo M.
