WordPress.org

Support

Support » Plugins and Hacks » WP-Filebase Download Manager » [Plugin: WP-Filebase Download Manager] Security Issue

[Plugin: WP-Filebase Download Manager] Security Issue

  • Hello I posted about this before but it never got addressed please look into this as I think it is an important security measure.

    The front end upload widget allows users to add a new category and also to add files. In settings if the private files box is clicked (Access to files is only permitted to owner and administrators) it does restrict visibility of files from other users however it does not make categories they add private! I know it says that it will make files private and it does what it says it will do but if you are using this option as a confidentiality security requirement the categories need to be private otherwise it jeopardizes confidentiality.

    Absolutely great plugin by the way.

    http://wordpress.org/extend/plugins/wp-filebase/

Viewing 7 replies - 1 through 7 (of 7 total)
  • Plugin Author Fabian

    @fabifott

    You are right, category permissions are not handled properly.
    Currently, categories can’t have owners, so access cannot be restricted to someone. I might change this in a future release.

    Is it possible now to allow anyone to view/download files, yet only allow some to upload? It looks like I can get the security locked down so only a few can upload, but then nobody can view the files.

    Thanks.

    Fabifott, thank you. You did a great job with this plugin.

    thebane90, you can put the file browser list on a public page and only have the upload widget on a private or password protected page that is only accessible to certain user levels.

    you can add the file list widget to the protected/private page so those can see it also.

    I guess I didn’t explain that enough. I want to limit the ability of users to upload to specific categories. Here’s the situation I’d like.

    User X is a admin for the category Cars.
    When User Y logs in and goes to upload a file, the category Cars should not be available.
    The category Cars should be available for everyone to see/download.

    I basically want to assign an owner and then permissions based off of that.

    I don’t think there are those kind of security features with this plug-in. I did see another one that had user specific content functions i think it was called sp client document and manager

    I got filebase to work nicely for a lot of functions. It would be great if users were able to be a little more interactive with it (category creation with security coverage, delete categories and files they have uploaded, add notes to uploads). Since the developer has worked so hard to make this and he is generous enough to supply it for free I consider the things its lacking minimal.

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘[Plugin: WP-Filebase Download Manager] Security Issue’ is closed to new replies.
Skip to toolbar