
A way to protect Downloads?

Version 2.8.3

Hi there, does anyone know a way to protect downloads from public access? So that only logged-in users are able to start a download?

It's possible to make discussions available only to members, maybe it's possible for downloads too?

I know, the filenames are impossible to guess, but if someone publishes the link, everyone can use it whether logged in or not.


Regards Gregor


Comments

  • Bleistivt (Moderator)

    This is not easily possible.

    Making certain files in the download directory inaccessible would require routing all requests to the /uploads/ folder through the framework to do a permission check. This also destroys cacheability and would increase the server load significantly on image-heavy forums. This is why doing this for images is pretty much off the table (and the majority of websites do not do this).

    If you only want this kind of protection for uploads other than images, a solution could in theory be developed using server rules and some kind of dispatcher endpoint for uploads that does permission checks.

    However this seems more complicated than it needs to be. Would uploading encrypted files and sharing the password in the post work for you?

  • Hi and thx for your answer and proposals. You are right: I'm searching for a solution just for downloads, not for images. Something that involves readfile https://www.php.net/manual/de/function.readfile.php or a similar solution to get full control over the download. Maybe developing a plugin for this could be a way.

    But since I'm new to vf, I just wanted to check if I missed a feature or if someone else has implemented that yet. 😊

    I will have a look at how links to resources are rendered in the post view.

  • I forgot to mention: the forum is mainly used by users who are lucky to be able to upload a file. I think they would never understand and remember how to encrypt a file before upload 😅
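
The dispatcher endpoint with a permission check and `readfile()` that the thread discusses, as an added example that is not part of the thread and not Vanilla code. It assumes the protected files are stored outside the web root (so there is no direct URL to leak) and that login state is a plain PHP session key; `PROTECTED_DIR`, `user_id`, the `file` parameter and both function names are hypothetical.

```php
<?php
// Added example, not Vanilla code. Assumptions: protected files live outside
// the web root in PROTECTED_DIR; login state is held in $_SESSION['user_id'].
const PROTECTED_DIR = '/var/www/private-uploads'; // hypothetical path

/** Map a requested name to a real file inside $baseDir, or null if invalid. */
function resolveDownload(string $baseDir, string $requested): ?string
{
    $base = realpath($baseDir);
    if ($base === false || $requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    // realpath() collapses "../" and symlinks, so the prefix check below
    // rejects any request that resolves to a location outside $base.
    $path = realpath($base . DIRECTORY_SEPARATOR . $requested);
    $prefix = $base . DIRECTORY_SEPARATOR;
    if ($path === false || strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return is_file($path) ? $path : null;
}

function serveDownload(array $session, string $requested): void
{
    if (empty($session['user_id'])) {          // the permission check
        http_response_code(403);
        exit('Sign in to download this file.');
    }
    $path = resolveDownload(PROTECTED_DIR, $requested);
    if ($path === null) {
        http_response_code(404);
        exit('Not found.');
    }
    // Generic type plus attachment disposition: the browser saves the file
    // instead of rendering uploaded content in the forum's origin.
    header('Content-Type: application/octet-stream');
    header("Content-Disposition: attachment; filename*=UTF-8''" . rawurlencode(basename($path)));
    header('Content-Length: ' . filesize($path));
    header('X-Content-Type-Options: nosniff');
    header('Cache-Control: private, no-store'); // keep shared caches from storing it
    while (ob_get_level() > 0) { ob_end_clean(); } // stream, do not buffer in memory
    readfile($path);
    exit;
}

if (PHP_SAPI !== 'cli') {
    session_start();
    serveDownload($_SESSION, (string) ($_GET['file'] ?? ''));
}
```

Every download now costs a PHP request and cannot be cached publicly, which is the load trade-off raised in the thread for image-heavy forums.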
