Question Attachment Security Problem
I run a private forum that is visible only after logging in. I am using Kunena 1.7 on Joomla 1.5.23.
All attachments are uploaded in sitename.com/media/kunena/attachments/...
However, the folder is accessible to all via web browser. Also, files can be downloaded by anyone who knows the link to the file.
Please help me fix this...
This is the normal behaviour of Kunena; if you don't know the names of the files, you can't find them. Actually, I don't know a way to prevent that.
I don't provide support by PM, because this can be useful for someone else.
rgblogs wrote: Hello
I run a private forum that is visible only after logging in. I am using Kunena 1.7 on Joomla 1.5.23.
All attachments are uploaded in sitename.com/media/kunena/attachments/...
However, the folder is accessible to all via web browser. Also, files can be downloaded by anyone who knows the link to the file.
Please help me fix this...
That is correct and as-designed behavior, NOT a security problem. The same is true for all other Joomla files on your server. If you know the link to any image or uploaded file within Joomla, you can access or download it.
If you want to protect certain files from certain user groups, you will have to look at other download manager solutions within the Joomla Extension Directory.
Hope this helps!
Yes, download managers use a redirect feature to protect files from being downloadable by guests according to access level.
I hope Kunena can also add that feature in the future.
You probably haven't received a lot of requests for this, because pretty much all users assume that attachments are protected as well. I only discovered this by accident.
For example, Zoo uses the following code to protect downloads ("hide path behind md5 hashed URLs").
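The gated-download approach raised in this thread, as an added example (not code from the thread, and not Kunena's, Zoo's or any download manager's own): attachments are stored outside the web root, each link carries an expiring HMAC bound to the file and the user rather than a bare md5 of the path, and the check returns a path to serve only for a logged-in user with a valid token. The function names, the secret, the user ids and the temporary directory are assumptions for illustration; PHP 7.1 or later is assumed.

```php
<?php
// Added example: all names, ids, paths and the secret are assumptions, not Kunena or Zoo code.

// Build a link token bound to the file, the user and an expiry time.
function sign_download(string $file, int $userId, int $expires, string $secret): string
{
    return hash_hmac('sha256', $file . '|' . $userId . '|' . $expires, $secret);
}

// Return the absolute path to serve, or null if the request must be refused.
function authorize_download(string $file, int $userId, int $expires, string $token,
                            string $secret, string $baseDir, ?int $now = null): ?string
{
    $now = $now ?? time();
    if ($userId <= 0 || $expires < $now) {
        return null;                        // guest (id 0) or expired link
    }
    $expected = sign_download($file, $userId, $expires, $secret);
    if (!hash_equals($expected, $token)) {  // constant-time comparison
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $file);
    // realpath() resolves ../ and symlinks; the result must stay inside $base.
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0
        || !is_file($path)) {
        return null;
    }
    return $path;
}

// Constructed demo: a private directory with one attachment and four requests.
$dir = sys_get_temp_dir() . '/attach_demo_' . bin2hex(random_bytes(4));
mkdir($dir, 0700);
file_put_contents($dir . '/report.pdf', 'constructed sample');
$secret  = 'constructed-demo-secret';       // assumed: a long random value kept in server config
$expires = time() + 300;
$token   = sign_download('report.pdf', 42, $expires, $secret);

var_dump(authorize_download('report.pdf', 42, $expires, $token, $secret, $dir)); // link owner
var_dump(authorize_download('report.pdf', 0, $expires, $token, $secret, $dir));  // guest
var_dump(authorize_download('report.pdf', 43, $expires, $token, $secret, $dir)); // other user
$bad = sign_download('../report.pdf', 42, $expires, $secret);
var_dump(authorize_download('../report.pdf', 42, $expires, $bad, $secret, $dir)); // traversal
unlink($dir . '/report.pdf');
rmdir($dir);
```

A check like this only helps if the web server no longer serves the attachment files directly; a copy left under a public path such as media/kunena/attachments/ remains reachable by anyone who knows the link.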
I disagree with it being a security issue (I wouldn't put sensitive files into a forum anyway), but I can understand why other people think that it is. We are not taking any more features into Kunena 1.7, but I hope to get this done for K2.0.
Waiting for 2.0 and hope it has some solution.
www.zone-h.org/mirror/id/15827000 - My site had been hacked - allegedly it was - Security Testing By:
-=[ AntiDefence BlackHat TEAM ]=- - I had to prevent ALL downloads on my site since this happened - it is quite unfortunate as it is very public - all over the internet public... which in itself was a gift in disguise as I was able to clamp down on my security issues.
Now no one is allowed to download on my site.
I hope you guys can attempt to fix this issue sooner rather than later. :sick: