Kunena 7.0.2 Released

The Kunena team has announce the arrival of Kunena 7.0.2 [K 7.0.2] in stable which is now available for download as a native Joomla extension for J! 5.3.x/5.4.x/6.0.x. This version addresses most of the issues that were discovered in K 6.2 / K 6.3 / K 6.4 and issues discovered during the last development stages of K 7.0

Important [Unsolvable] How to secure files attached to posts in a forum only accessible for registered users?

More
16 years 1 month ago - 15 years 11 months ago #39578 by Gompie
[Unsolvable] How to secure files attached to posts in a forum only accessible for registered users? was created by Gompie
Hi,

I have installed Kunena in a closed section of my Joomla site to which only registered users have access.

I now notice that when those users attach files to posts, these files are accessible without registering once you know the name of the file, because the standard directory in which these attachments are stored by Kunena is not protected (/media/kunena/attachments/legacy/files/[name of the file]).

How can I solve this?

/Gompie
Last edit: 15 years 11 months ago by sozzled. Reason: Topic closed

Please Log in or Create an account to join the conversation.

More
16 years 1 month ago #39579 by xillibit
Replied by xillibit on topic Re:How to secure files attached to posts in a forum only accessible for registered users?
Hello,

With a bit of search, you can find anything : www.kunena.com/forum/advsearch?q=hide+at...name=1&childforums=1
I don't provide support by PM, because this can be useful for someone else.

Please Log in or Create an account to join the conversation.

More
16 years 1 month ago - 16 years 1 month ago #39582 by Gompie
Replied by Gompie on topic Re:How to secure files attached to posts in a forum only accessible for registered users?
Hi,

Ok, thanks (and sorry: must have used wrong search terms), but: I installed the 1.5.7 patch (I am still running the 1.5.7 version) and found the new configuration items in the backend (show images/attachement for guests = 'no'), but the files are still available; is this only valid for new posts or what?

/Gompie
Last edit: 16 years 1 month ago by Gompie.

Please Log in or Create an account to join the conversation.

More
16 years 1 month ago #39620 by Gompie
Replied by Gompie on topic Re:How to secure files attached to posts in a forum only accessible for registered users?
Hi,

I have upgraded to 1.5.9 now, but it's still not working (using the 1.5.7. patch)...

Any ideas?

/Gompie

Please Log in or Create an account to join the conversation.

More
16 years 1 month ago #39707 by Gompie
Replied by Gompie on topic Re:How to secure files attached to posts in a forum only accessible for registered users?
Hi

Installed the 1.5.8 patch now over the 1.5.9 and even tried the Dutch 1.5.9 Ultimate version as suggested, but still no solution (the Dutch 1.5.9 Ultimate version even gave an error in a language file after installing, apparently the uninstall doesn't really delete everything), but I guess those patches suit their purpose, but not mine: it all comes down to the fact that Kunena stores attachments to posts in a public Joomla directory /media/kunena/attachments/legacy/files and there's no way to change that ...

/Gompie

Please Log in or Create an account to join the conversation.

More
16 years 1 month ago #39713 by Theo01
Replied by Theo01 on topic Re:How to secure files attached to posts in a forum only accessible for registered users?
I haven't tried this myself yet because I never had any need for it, but here is what I think can work for you:

Prevent direct (hot) linking to files in your .htaccess file. This requires visitors to view the files inside the forum. You can apply this "trick" to other Joomla! components as well.

Lots of examples on how to configure an htaccess file contain a section for disabling hot linking.

That's the first one Google spits out: www.javascriptkit.com/howto/htaccess10.shtml

Please Log in or Create an account to join the conversation.

Time to create page: 0.277 seconds