
How do I set security for uploaded files?

This discussion is related to the Uploader addon.
rbrahmson "You may say I'm a dreamer / But I'm not the only one" NY ✭✭✭

We want to allow users to upload files but want the files accessible only to users in the same category (we use category permissions). That works fine for the discussions but once people figure out where the attachments folder is, anyone can go there and see everything.

Any suggestions, solutions?

Comments

  • .htaccess:

    Options -Indexes

  • rbrahmson "You may say I'm a dreamer / But I'm not the only one" NY ✭✭✭

    Newbie here, please elaborate. Hope this won't break ability of permitted members to upload/download files.

  • R_J Cheerleader & Troubleshooter Munich Moderator

    Searching the internet for htaccess options indexes brings up informative links like that: http://stackoverflow.com/questions/15837822/what-is-the-htaccess-options-indexes-for

    If your users aren't able to browse the directory, they will not be able to see what is in the upload folder.

    While I would guess that this is good enough, your users would be able to download things with brute force.


  • rbrahmson "You may say I'm a dreamer / But I'm not the only one" NY ✭✭✭

    Thanks @R_J, I found out that I can set security per folders, so in theory I can control who has access to the download folder. My problem is coordinating it with Vanilla -- namely how to set it so it won't break anything.

    The requirements are "simple":
    1. Users should be able to upload files (no brute force - my users aren't sophisticated).
    2. Users should be able to download files (again, no brute force)
    3. Users (and guests) should not be able to alter url pointers to images in order to access downloaded files (as they can today because downloads go to the same place as profile pictures, forum logo, etc.)
    4. We use category permissions to separate groups of users (Users from group A cannot see discussions from Group B and vice versa). Similarly, we need to ensure that users from group A will not be able to access downloaded files from group B.

    I'd welcome advice on how to modify the plugin to direct files to a different folder, as long as I could set folder security (in htaccess, I guess) to work with the requirements.

    So before I go and play with htaccess, I need to understand how to make it work with the above.

  • rbrahmson "You may say I'm a dreamer / But I'm not the only one" NY ✭✭✭

    @Bleistivt - very insightful, thanks! I guess I'll have to research how downloaded files ended up with names in the clear. Possibly a different upload plugin (I tried a few...)

    Is there an encryption for the files themselves?

  • hgtonight ∞ · New Moderator

    @rbrahmson said:

    Is there an encryption for the files themselves?

    Not by default.

    It doesn't really make sense to either. It would be effectively the same thing as locking your house but printing the passcode on the front door.

    Search first

    Check out the Documentation! We are always looking for new content and pull requests.

    Click on insightful, awesome, and funny reactions to thank community volunteers for their valuable posts.

  • rbrahmson "You may say I'm a dreamer / But I'm not the only one" NY ✭✭✭

    @hgtonight said:
    It doesn't really make sense to either. It would be effectively the same thing as locking your house but printing the passcode on the front door.

    Not sure I understand. I was hoping that Vanilla had such a built-in encryption facility so that in the event that someone gets to an uploaded file, it is still encrypted. Why would that be printing the code on the floor?

  • hgtonight ∞ · New Moderator

    The idea of encrypting files is to render it unusable to anyone without the key. Since the files need to be public to serve them to users, you have to decrypt them before you give them the file. Or you give them the key and have them decrypt it locally. Either way, you aren't really gaining security from encryption.

    You are gaining some security during the transport, assuming you are transporting the key with a different medium.

  • rbrahmson "You may say I'm a dreamer / But I'm not the only one" NY ✭✭✭

    My thinking is that the transport was the decryptor, rather than decrypting into a temporary file before transporting. Clearly I'm not a programmer and I'm imagining things as they "should be" in my naive world...

    At the end of the day what I wanted is to have separation between groups of users (roles) so one group wouldn't have access to the other... Seems like I'll have to live with the file-name encryption mechanism...

    I appreciate your and your colleagues' clarifications. Everyone has been very helpful and I appreciate that.
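
One way to meet requirement 4 from the thread (group A must not reach group B's files), as an added example that is not part of the original discussion or of Vanilla's or the Uploader addon's code: `Options -Indexes` only hides the directory listing, so a file is still served to anyone who requests its URL; here attachments are assumed to live outside the web root and a path is released only after a category check. The function name, array fields and sample data are assumptions made for illustration.

```php
<?php
// Added example: constructed data, hypothetical function and field names.
// Assumes attachments are stored OUTSIDE the web root and only served via this gate.

// Constructed lookup: attachment ID -> owning category and stored file name.
$attachments = [
    101 => ['CategoryID' => 1, 'StoredName' => 'a1/report.pdf'],
    102 => ['CategoryID' => 2, 'StoredName' => 'b7/minutes.pdf'],
];

/**
 * Return the absolute path of the attachment if the user may read it, else null.
 * $viewableCategoryIDs: categories the current user's roles can view
 * (in a real forum this would come from the session's category permissions).
 */
function authorizeDownload(array $attachments, int $attachmentID,
                           array $viewableCategoryIDs, string $storageRoot): ?string
{
    // Unknown ID and forbidden category get the same answer, so the
    // response does not confirm that a guessed ID exists.
    $row = $attachments[$attachmentID] ?? null;
    if ($row === null || !in_array($row['CategoryID'], $viewableCategoryIDs, true)) {
        return null;
    }
    // Resolve the stored name and make sure it stays under the storage root.
    $root = realpath($storageRoot);
    $path = realpath($storageRoot . DIRECTORY_SEPARATOR . $row['StoredName']);
    if ($root === false || $path === false
        || strncmp($path, $root . DIRECTORY_SEPARATOR, strlen($root) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Demo with a temporary storage directory (constructed).
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'attach_demo_' . getmypid();
foreach ($attachments as $a) {
    $file = $root . DIRECTORY_SEPARATOR . $a['StoredName'];
    if (!is_dir(dirname($file))) {
        mkdir(dirname($file), 0700, true);
    }
    file_put_contents($file, 'sample');
}
$groupA = [1]; // a user in group A can view category 1 only
var_dump(authorizeDownload($attachments, 101, $groupA, $root) !== null); // own category
var_dump(authorizeDownload($attachments, 102, $groupA, $root) !== null); // group B's file
var_dump(authorizeDownload($attachments, 999, $groupA, $root) !== null); // guessed ID
```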
