PLEASE NOTE: These forums are no longer utilized and are provided as an archive for informational purposes only. All support issues will be handled via email using our support ticket system. For more detailed information on this change, please see this blog post.

Updated file upload field to increase security?

  1. The 1.6 change log includes "Updated file upload field to increase security."
    Can you expand on what that means? I'm interested in limiting access to uploaded files. After the upgrade, I can still get to the uploaded files from anywhere if I know the URL. I'll look into changing the permissions on the upload folder, but also want to know about the changes in 1.6. Thanks.

    Posted 8 years ago on Thursday November 10, 2011 | Permalink
  2. Some changes were made obfuscate the file location. Of course you are going to be able to get to the uploaded files from anywhere if you know the URL, otherwise you wouldn't be able to download the files at all. Some enhancements were made to how file uploads are handled, as well as the directory structure that is used that make it impossible to guess the location or find it through trial and error. However, if the user knows the exact URL to that specific file, there is nothing you can do about it.

    Posted 8 years ago on Thursday November 10, 2011 | Permalink