1. woluweb
  2. Pres-sale questions about Dropfiles
  3. Thursday, March 17 2016
  4.  Subscribe via email
Hi,

First of all, I must say your extension is very, very impressive :-)

Still, I have a precise question about security of Documents which are not "public" but for "registered" or others.
Let's take an example from your demo site.
When I hover the Download link, I see the "real" link to the document.
Example : http://www.demo-joomunited.com/files/91/Root%20category/38/Document.docx
It means I could send it directly to a third party.

For a Public document, no problem of course.
But how does DropFile manages Ddocuments which are for example restricted to "registered" users ?
Could a registered user just "share the direct link" (or is the link "cloaked" so that it requires to be logged in to be able to download the file).

This is of course important as security.

Txs a lot in advance,

Marc
Responses (5)
Accepted Answer Pending Moderation
Hi,

Thanks, really appreciated.

About the file access, Dropfiles is using Joomla ACL. If the user is the user group you've defined that corresponding to a category of files he won't be able to reach the file directly. For that he'll need to login of course.
Note in the next version that is coming next week, we'll add an option to restrict access a a single file per user (not just a group).

Cheers,
Accepted Answer Pending Moderation
Hi Tristian,

Txs for the quick reaction !

I had understood about ACL rights.
My question was a bit different.
Say I have the following document ONLY for registered users :
http://www.demo-joomunited.com/files/91/root%20category/38/document.docx
If this URL appears in "clear", that Registered User could post the url anywhere and share the direct link to the file, so that people who don't even have an account could download the file...

So ACL takes already care for restricting access to the full article, but quid for the direct link of a given document ?

Txs again,

Marc
Accepted Answer Pending Moderation
If this URL appears in "clear", that Registered User could post the url anywhere and share the direct link to the file, so that people who don't even have an account could download the file...


No the access is restricted. I confirm that if the user is not logged in with a proper right, he won't be able to download the file even if he have the direct link. This is exactly the same thing when you restrict the access to a Joomla content (an article), the user can have the link to the content but it's still not accessible. This is the advantage of using Joomla native ACL.

Hope it helps.

Cheers,
Accepted Answer Pending Moderation
That's excellent then ! Really.
(actually, my fear came from your demo site, where the link to the doc looked like a direct link to the file : http://www.demo-joomunited.com/files/91/root%20category/38/document.docx)

I was so excited when I discovered Dropfile yesterday that I have already contacted two of my customers (one using eDocman, the other was willing to have a document management system, but it was not yet implemented).

Maybe we'll meet at the next JoomlaDay Paris ?
That would be nice :-)

Yours,

Marc
Accepted Answer Pending Moderation
Great! not sure in Paris, but J&Beyond Barcelona is booked ;)
  • Page :
  • 1


There are no replies made for this post yet.
Be one of the first to reply to this post!