SP Project & Document Manager
Security question (4 posts)

  1. maxsupernova
    Posted 3 years ago #

    Hi there,

    Searching the help forum here, I found that Moneygala asked this question at the end of a thread 4 months back and didn't get a reply. I have the exact same question:

    "On the subject of security:

    Files are simply uploaded to the 'uploads folder' - by typing the general upload location in the browser, all uploaded files are visible to the public.

    Do you have any plans to resolve this or indeed a 'work-around'?"


  2. smartypants
    Plugin Author

    Posted 3 years ago #

    In the latest version you can move your directory, also it is recommended that you disable directory indexing on your server. In the future we have plans to move the uploads directory to a non web accessible directory but this will have major conflicts across the board with servers that don't support fread() to serve files.

  3. Christine
    Posted 3 years ago #

    This may be useful/ relevant: I found a possible solution for protecting the uploads folder to users who are not logged in.
    I tried it a while back and it did work.
    stackexchange link.

  4. smartypants
    Plugin Author

    Posted 3 years ago #

    Yeah that should work, when it comes down to security the plugin can only do so much. You have to harden your server as well.

Topic Closed

This topic has been closed to new replies.

About this Plugin

  • SP Project & Document Manager
  • Frequently Asked Questions
  • Support Threads
  • Reviews

About this Topic