Support » Plugin: File Away » Requiring login for file access via direct links

  • Is there a way to require that direct file links can only be accessed by a logged in user? While someone cannot access a folder within File Away without being logged in from what I can tell, if they have the direct file link it can still be accessed without being logged in. I am using woffice/buddypress and File Away for an extranet and would like to include internal documents for employee access, however this presents a security concern. Is this possible, either through wordpress/buddypress configuration, File Away itself, or through another plug-in used in conjunction with File Away?

    • This topic was modified 3 months, 4 weeks ago by  birdie2000.
Viewing 4 replies - 1 through 4 (of 4 total)
  • It seems to me that Unix file permissions and web server configs, unless overridden by the plug-in in WordPress would prevent someone from accessing a direct file link. I’m not sure how the plug-in doe that. Have you read the install docs?

    Hi birdie2000, hi wvanbusk, did you solve this issue anyhow? I’ve the same problem. If someone finds out to a direct link to a document, he can get to it without beeing prompted for login.

    Ralf

    Most common is to setup Apache with a virtual host and config allow internal lan users. You could use a subdomain, different path for wordpress and the files and block external users in the firewall port forwarding. I’m not sure any other way is truly secure unless login is required for all wordpress users. Security is complex.

    https://httpd.apache.org/docs/trunk/vhosts/examples.html

    Login is required for all WordPress users on the site in question, as far as I know.

    We have not figured out a resolution at this time. Our IT admin found a potential solution that did not pan out. I will ask him about the virtual host from wvanbusk and see if that would accomplish what we need.

Viewing 4 replies - 1 through 4 (of 4 total)
  • You must be logged in to reply to this topic.