vb.org Archive - attached files privacy

vb.org Archive (https://vborg.vbsupport.ru/index.php)

- vB3 General Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=111)

- - attached files privacy (https://vborg.vbsupport.ru/showthread.php?t=130366)

hawork

10-30-2006 11:02 AM

attached files privacy

Hello!

I have my attached files stored in a folder in forum (forum/attached). The thing is that I only give permissions to download attached files to registered users. However anyone can access to my attachement folder only browsing with their navigator going to the url: http://mydomain.com/forum/attached

Is there any way to avoid this kind of access?

Thanks in advance!:up:

Will it work if I change this folder permissions to chmod 666?

ericgtr

10-30-2006 02:46 PM

Interesting, I guess I never paid attention to this but you are right. A couple of things to consider are that the actual URL is never given so someone would have to know the name of your attachment directory. The other thing is that the files are non-descript eg. file.attach so there is no telling what that file actually is.

Still, protecting it is a good idea. You can drop a simple blank index.htm in the root of your attachment fold and it won't be accessible. To do this create a blank .txt file and rename it to index.htm and upload it into the root of your attachment folder.

r007	10-30-2006 03:04 PM

Quote:

Originally Posted by ericgtr

Still, protecting it is a good idea. You can drop a simple blank index.htm in the root of your attachment fold and it won't be accessible. To do this create a blank .txt file and rename it to index.htm and upload it into the root of your attachment folder.

Based on how the files are stored (/attachments/u/s/e/r/i/d/ or /attachments/userid/) you can still see the directory listings knowing the userid of the person you want to see. (Since you don't have a index.htm file in every directory)

The way to make it so no one can see the listings is to just redirect people when they try to go there.

So just create a .htaccess file and put this in it:

Code:

Redirect permanent /forum/attached/ http://localhost/forum/

(Changing the URL accordingly)

tobybird

10-30-2006 03:12 PM

Or couldn't you just simply add the following to your .htaccess for the attached folder:

Code:

Options All -Indexes

hawork

11-01-2006 11:00 AM

I like this two last options because if i have to insert an index file in every folder could be much work.

Right now I set my folder with permissions chmod=666 and it is working alright but I have to test it. When you try to access it gives a 'forbidden' error and I like this because people know they are acting in a wrong way ;-)

All times are GMT. The time now is 07:49 PM.

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.01952 seconds Memory Usage 1,717KB Queries Executed 10 (?)
More Information
Template Usage: (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (2)bbcode_code_printable (1)bbcode_quote_printable (1)footer (1)gobutton (1)header (1)headinclude (6)option (1)post_thanks_navbar_search (1)printthread (5)printthreadbit (1)spacer_close (1)spacer_open Phrase Groups Available: global postbit showthread	Included Files: ./printthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/class_bbcode_alt.php ./includes/class_bbcode.php ./includes/functions_bigthree.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete printthread_start bbcode_fetch_tags bbcode_create bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete printthread_post printthread_complete
Messages: