Actually, this is a very big issue. I only discovered this myself two weeks ago while I have been a happy kunena customer for the past year and FB before. It never occurred to me that my files were "open" to the public. While the use of a blank index.html in every directory helps, this doesn't solve the issue.
I looked at my other forum, phpbb which I use because I need group access to different sub-forums, and while the files are stored in the files directory, 1) by default the httaccess file is set so the directory is not accessible and 2) all the file names are nonsensical eg 2_0122d903f2adfc5100723a5d974daf8e. I recognise we can play with the httaccess file to restrict access however this is not for the faint hearted.
I wonder, moving forward, why can't the files be stored above the public_html folder. This is done with moodle where the moodledata directory is not public and users can still access, edit, add, delete content. This could be configurable so that those who do not have access to folders above public_html can still use kunena but for those who require the additional security the option is there.
I wonder is this something that we could hack to make work? Can we point kunena to a location above public_html?
Thanks in advance for your thoughts
Chris
