Phoca Forum

Posted: **11 May 2010, 13:21**

Quite simply, is there a way to cloak the download link with a random string so that it can't be edited to get files which a user isn't entitled to?

Something like changing this:

http://DOMAIN/index.php?option=com_phoc ... download=1

to this:

http://DOMAIN/index.php?option=com_phoc ... dsa893hd89

That is, generate a random string for the file which only lasts for the duration of the stay so that it can't be edited to take another file.

(NB all users are registered here, they just have different statuses within that category.)

Posted: **12 May 2010, 12:50**

Hi, sorry I don't understand - in the URL there is no name of the file and you need to identificate it somehow

Posted: **12 May 2010, 16:44**

Jan wrote:Hi, sorry I don't understand - in the URL there is no name of the file and you need to identificate it somehow

No, but there's a number. It doesn't take a lot of guesswork to change that in the URL and download a different file.

Posted: **12 May 2010, 21:15**

but how will the script identify that the added key is the right - if there will be no ID and the key should be changed?

Posted: **13 May 2010, 12:54**

I found an extension which does this: http://extensions.joomla.org/extensions ... oads/10717

It disguises the URL so that people can't try to guess the download string for another file.

Phoca Forum

Can you hide the download link url?

Can you hide the download link url?

Re: Can you hide the download link url?

Re: Can you hide the download link url?

Re: Can you hide the download link url?

Re: Can you hide the download link url?