Kunena 6.3.0 released
The Kunena team has announce the arrival of Kunena 6.3.0 [K 6.3.0] in stable which is now available for download as a native Joomla extension for J! 4.4.x/5.0.x/5.1.x. This version addresses most of the issues that were discovered in K 6.2 and issues discovered during the last development stages of K 6.3
Question Visibility of attachments and image for guests
- ghasem karimi
- Topic Author
- Offline
- Junior Member
In version 1,5x and 1,6 koonena introduced and gave us
the tools (visibility of attachment and image for guests)
unfortunatly there has been a few problems,and I would like to see
if these issues can be solved.
1. when user through login is granted access to download links,
user can copy link and give a way to a non member and without logging in and still
access the file,video..etc ???
2. When saving a single link in PDF format and links are saved in PDF as well....
is there no way to solve this issue?
I would appreciate any help admins or users can give me regarding
the 2 issues above.
Please Log in or Create an account to join the conversation.
I think it's important to keep in the back of your mind that Kunena is a web-based discussion forum product. Even though you can restrict access to the discussions, you can't prevent your users misusing their privileges to pass information in other ways. The features built into K 1.5.12 and K 1.6 merely hide attachments from those who are not logged-in; that is to say, if you are not logged-in you are not able to see the link to the attachments. But if you could find the link to the attachment then you would have access to that attachment.
The solution to this problem lies in webserver security. You can apply security via other software - you might even be able to do something with the .htaccess file - but I don't know how it's done.
When saving a single link in PDF format and links are saved in PDF as well I'm sorry but I don't understand the connection between this statement and Kunena. Can you provide more information to help me understand the issues better, please?
Blue Eagle vs. Crypsis reference guide
Read my blog and
Please Log in or Create an account to join the conversation.
- ghasem karimi
- Topic Author
- Offline
- Junior Member
Please Log in or Create an account to join the conversation.
- ghasem karimi
- Topic Author
- Offline
- Junior Member
Please Log in or Create an account to join the conversation.
I think that we'll have to take this question on notice (at least as far as K 1.5 is concerned) and come back to you later.
Blue Eagle vs. Crypsis reference guide
Read my blog and
Please Log in or Create an account to join the conversation.
- ghasem karimi
- Topic Author
- Offline
- Junior Member
Please Log in or Create an account to join the conversation.
I looked at my other forum, phpbb which I use because I need group access to different sub-forums, and while the files are stored in the files directory, 1) by default the httaccess file is set so the directory is not accessible and 2) all the file names are nonsensical eg 2_0122d903f2adfc5100723a5d974daf8e. I recognise we can play with the httaccess file to restrict access however this is not for the faint hearted.
I wonder, moving forward, why can't the files be stored above the public_html folder. This is done with moodle where the moodledata directory is not public and users can still access, edit, add, delete content. This could be configurable so that those who do not have access to folders above public_html can still use kunena but for those who require the additional security the option is there.
I wonder is this something that we could hack to make work? Can we point kunena to a location above public_html?
Thanks in advance for your thoughts
Chris
Please Log in or Create an account to join the conversation.
Can somebody share if the Kunena team will be looking at these security issues.
Is it possible to hack Kunena so that the attachments & pictures are stored above the public_html directory?
Please Log in or Create an account to join the conversation.
Please Log in or Create an account to join the conversation.