Is there a security problem?
Posted: 12 Apr 2013, 12:56
Hi to all,
i have install phoca download (joomla 2.5) end i try to use it
I have found this problem. Default installation create 2 folder
phocadownload
phocadownloadpap
i try to insert a new file (text.txt) and one category. I public the file with registered access and all works fine.
So when i try to download the file on frontend, site ask to me to do login for download... perfect
Now, phoca download put the file that i have upload in "phocadowload" folder.
This is the problem, if i write on my browser all the URL
www .site.com/phocadowload/text.txt
i can download a file without any access control and security
I don't have any security on the file that i put registered access... i can download easily with the URL...
is there a solution?otherwise i can't use phocadownload to downaload sensitive files...
thank you in advance
i have install phoca download (joomla 2.5) end i try to use it
I have found this problem. Default installation create 2 folder
phocadownload
phocadownloadpap
i try to insert a new file (text.txt) and one category. I public the file with registered access and all works fine.
So when i try to download the file on frontend, site ask to me to do login for download... perfect
Now, phoca download put the file that i have upload in "phocadowload" folder.
This is the problem, if i write on my browser all the URL
www .site.com/phocadowload/text.txt
i can download a file without any access control and security
I don't have any security on the file that i put registered access... i can download easily with the URL...
is there a solution?otherwise i can't use phocadownload to downaload sensitive files...
thank you in advance