Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

authorization does not prevent reading files in upload folder #58

Open
ramstein74 opened this issue Apr 26, 2016 · 1 comment
Open

authorization does not prevent reading files in upload folder #58

ramstein74 opened this issue Apr 26, 2016 · 1 comment

Comments

@ramstein74
Copy link

Hi,
I check the "authorization" check box.
dpd.fileupload.get is not allowed to read the contents of upload folder but if i go to the url via browser i can open the uploaded files. It should be protected ?
Can you encrypt the file name somehow? and save the real filename somewhere ?
@tenowg
Copy link

tenowg commented May 10, 2016
edited
Loading

because the files are uploaded to a public directory, this would currently be expected behavior. If the files were uploaded to a private directory, and then streamed though node on a get, it would be possible with an img/picture tag pointing to the api, but this is not implemented.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@tenowg @ramstein74