WordPress.org

Ready to get started?Download WordPress

Forums

WP-Filebase Download Manager
Security Issue (8 posts)

  1. beeann
    Member
    Posted 1 year ago #

    Hello I posted about this before but it never got addressed please look into this as I think it is an important security measure.

    The front end upload widget allows users to add a new category and also to add files. In settings if the private files box is clicked (Access to files is only permitted to owner and administrators) it does restrict visibility of files from other users however it does not make categories they add private! I know it says that it will make files private and it does what it says it will do but if you are using this option as a confidentiality security requirement the categories need to be private otherwise it jeopardizes confidentiality.

    Absolutely great plugin by the way.

    http://wordpress.org/extend/plugins/wp-filebase/

  2. Fabian
    Member
    Plugin Author

    Posted 1 year ago #

    You are right, category permissions are not handled properly.
    Currently, categories can't have owners, so access cannot be restricted to someone. I might change this in a future release.

  3. thebane90
    Member
    Posted 1 year ago #

    Is it possible now to allow anyone to view/download files, yet only allow some to upload? It looks like I can get the security locked down so only a few can upload, but then nobody can view the files.

    Thanks.

  4. beeann
    Member
    Posted 1 year ago #

    Fabifott, thank you. You did a great job with this plugin.

    thebane90, you can put the file browser list on a public page and only have the upload widget on a private or password protected page that is only accessible to certain user levels.

  5. beeann
    Member
    Posted 1 year ago #

    you can add the file list widget to the protected/private page so those can see it also.

  6. thebane90
    Member
    Posted 1 year ago #

    I guess I didn't explain that enough. I want to limit the ability of users to upload to specific categories. Here's the situation I'd like.

    User X is a admin for the category Cars.
    When User Y logs in and goes to upload a file, the category Cars should not be available.
    The category Cars should be available for everyone to see/download.

    I basically want to assign an owner and then permissions based off of that.

  7. beeann
    Member
    Posted 1 year ago #

    I don't think there are those kind of security features with this plug-in. I did see another one that had user specific content functions i think it was called sp client document and manager

  8. beeann
    Member
    Posted 1 year ago #

    I got filebase to work nicely for a lot of functions. It would be great if users were able to be a little more interactive with it (category creation with security coverage, delete categories and files they have uploaded, add notes to uploads). Since the developer has worked so hard to make this and he is generous enough to supply it for free I consider the things its lacking minimal.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic

Tags

No tags yet.