Sensitive Data / Access files via direct URL without login

Post by sunconcept »

Hi Guys,

I have sensitive data in my Phoca Download, which can only be accessed by logged-in users.

However, I found out that if you know the exact path to the files, you can always type it into your browser and access the files as a guest and don't need to log in.

How can I change this? The files should only be accessible via login and via Phoca Download.

Greetings
Tobias

Post by Benno »

Post by sunconcept »

Hi Benno,

thanks for the reply. But we can't get out of the public_html folder on our hosting.

Is it enough to put an .htaccess with

Order deny,allow
Deny from all

in the folder?

Greetings
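
The .htaccess asked about above, written so that it behaves the same on Apache 2.2 and Apache 2.4 (an added example, not part of the original posts and not Phoca's own configuration). It assumes the file is placed in the folder that holds the Phoca Download files and that the host allows .htaccess overrides for access control.

```apache
# .htaccess in the download file folder (added example; the folder location is site-specific).
# Denies every direct HTTP request to files in this folder. Server-side PHP code
# that reads the files from disk is not affected by these directives.

# Apache 2.4 and later (mod_authz_core is loaded)
<IfModule mod_authz_core.c>
    Require all denied
</IfModule>

# Apache 2.2 (no mod_authz_core): the two directives quoted in the post
<IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
</IfModule>
```

After uploading it, request a known file URL in a browser session that is not logged in and confirm the server answers 403 Forbidden, then confirm that a logged-in download through Phoca Download still works.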

Post by Benno »

Hi,
I'm not really an expert in these things. Try it... :idea:

Kind regards,
Benno

Post by sunconcept »

Hi Benno,

thanks for the support. It works with the htaccess solution.

I have another short question.

I have Phoca Download configured only for registered members. But they are seeing all categories, also the ones for which they don't have permission. Is it possible to configure it so that they only see the category (for which they have permission)?

Greetings
Tobias

Post by Benno »

Hi,
Yes, this is possible. But you need to set 'Access Rights' individually for each registered user for each category.

Backend settings:
Image

Frontend: benno-test is logged in, who has 'Access Rights' to see this category:
Image

Frontend: Benno is logged in, who has no 'Access Rights' to see this category:
Image

Kind regards,
Benno

Post by sunconcept »

I think I have done it this way... But I have only one menu item with a link to the overall category view. And it shows every category, even the ones for which the user doesn't have permission.

- cat 1
- cat 2 (you only have permission here)
- cat 3

Greetings
Tobias

Post by Jan »

Hi, do you use some cache settings?

Jan