 Relationships |
|
| Anonymous | Login | Signup for a new account | 2010-09-09 09:58 BST |
| Main | My View | View Issues | Change Log | Roadmap |
| Viewing Issue Simple Details [ Jump to Notes ] | [ View Advanced ] [ Issue History ] [ Print ] | ||||||
| ID | Category | Severity | Reproducibility | Date Submitted | Last Update | ||
| 0000127 | [OP SmartDesk] User Area | major | always | 2010-04-12 10:10 | 2010-04-12 11:23 | ||
| Reporter | ozanpakyuz | View Status | public | ||||
| Assigned To | ozanpakyuz | ||||||
| Priority | normal | Resolution | fixed | ||||
| Status | resolved | Product Version | 2.0.3740 | ||||
| Summary | 0000127: Secure File Download Access | ||||||
| Description | If a user (anonymous or not) knows the full path to the download file then they can get acces to it with no restrictions. | ||||||
| Additional Information | |||||||
| Tags | No tags attached. | ||||||
| Attached Files | |||||||
|
|
|||||||
|
Relationships |
|
|
Notes |
|
|
(0000119) ozanpakyuz (administrator) 2010-04-12 10:10 |
Investigating... |
|
(0000120) ozanpakyuz (administrator) 2010-04-12 11:23 |
The file_daownloads and support_uploads folders have been moved into the App_Data folder as this is restricted to direct access by default by IIS and the .Net framework so this will secure direct anonymous access to files. A custom file handler has been included that does have access to the app_data folder and will serve the files to the user provided that the user has been authenticated i.e Logged in. This new method has been applied to the following areas: User - adding a new uploaded to an incident User - adding an upload to a reply User - viewing attachments in the incident detail page Staff - adding a new uploaded to an incident Staff - adding an upload to a reply Staff - viewing attachments in the incident detail page Staff - Adding new file downloads Staff - Editing file downloads Staff / User / Anonymous - Accessing file downloads |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 2010-04-12 10:10 | ozanpakyuz | New Issue | |
| 2010-04-12 10:10 | ozanpakyuz | Note Added: 0000119 | |
| 2010-04-12 10:10 | ozanpakyuz | Assigned To | => ozanpakyuz |
| 2010-04-12 10:10 | ozanpakyuz | Status | new => acknowledged |
| 2010-04-12 11:23 | ozanpakyuz | Note Added: 0000120 | |
| 2010-04-12 11:23 | ozanpakyuz | Status | acknowledged => resolved |
| 2010-04-12 11:23 | ozanpakyuz | Resolution | open => fixed |
| 2010-04-12 11:23 | ozanpakyuz | Projection | none => minor fix |
| 2010-04-12 11:23 | ozanpakyuz | ETA | none => < 1 day |
| 2010-04-12 11:23 | ozanpakyuz | Fixed in Version | => 2.0.3775 |
| 2010-04-12 11:23 | ozanpakyuz | Target Version | => 2.0.3775 |
| Main | My View | View Issues | Change Log | Roadmap |
| Copyright © 2006 - 2009 OP Software |  |
