URL Security - Administration and Configuration

New Community Website

Ordinarily, you'd be at the right spot, but we've recently launched a brand new community website... For the community, by the community.

Yay... Take Me to the Community!

Welcome to the DNN Community Forums, your preferred source of online community support for all things related to DNN.
In order to participate you must be a registered DNNizen

Home All Forums

6/4/2009 6:52 PM

Gavin Stevens

Joined: 3/30/2007

Posts: 10

URL Security

If I create a new folder under Portal Root in my site and only allow one role access to the folder. If I upload an image to the folder, I can still access it with a URL domain/portals/0/Folder/image.png

Is this not what the security was intended to do ? How do I protect the contents of the folder only for specific roles?

6/4/2009 6:56 PM

Sebastian Leupold

www.dnnwerk.de
Joined: 3/8/2004

Posts: 46212

Re: URL Security

To protect files from being accessed via URL, create a secure folder (file system) in Admin :: File Manager (noticable by the lock icon).

Cheers from Germany,
Sebastian Leupold

Speed up your DNN Websites with TurboDNN

6/4/2009 7:10 PM

Gavin Stevens

Joined: 3/30/2007

Posts: 10

Re: URL Security

If I do this, I then have to upload everything through the file manager?

I have root access to my server, I wanted to add a subdirectory under my Portal/0/ root like:

Portal/0/

Dir1/Mainpage.html

Dir1/FlashVideo.swf

where my flash video is referenced by the mainpage.html.. If I store these files in the secure file system wont the html page no longer be able to see the swf file sitting in the same folder as it is.. doesn't everything have to come out of dnn with File Tokens after storing in a secure file system?

6/4/2009 7:35 PM

Sebastian Leupold

www.dnnwerk.de
Joined: 3/8/2004

Posts: 46212

Re: URL Security Modified By Sebastian Leupold on 6/4/2009 7:36:02 PM

no. create secure folder and move files, both in Admin :: File Manager.

Cheers from Germany,
Sebastian Leupold

Speed up your DNN Websites with TurboDNN

6/4/2009 11:34 PM

Gavin Stevens

Joined: 3/30/2007

Posts: 10

Re: URL Security

As I had feared...

My .html page hosts the FlashMovie.swf file, which it now can't find because it's stored in the secure filesystem. This works fine not in the secured file system.. I guess my only other option is to provide authentication in a subdomain and to use active directory to secure it by user?

Webpage error details

User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.21022; InfoPath.2; .NET CLR 3.5.30729; .NET CLR 3.0.30618; yie8)
Timestamp: Fri, 5 Jun 2009 03:29:19 UTC

Message: 'swfobject' is undefined
Line: 26
Char: 13
Code: 0

Page 1 of 3

These Forums are dedicated to discussion of DNN Platform and Evoq Solutions.

For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:

No Advertising. This includes promotion of commercial and non-commercial products or services which are not directly related to DNN.
No vendor trolling / poaching. If someone posts about a vendor issue, allow the vendor or other customers to respond. Any post that looks like trolling / poaching will be removed.
Discussion or promotion of DNN Platform product releases under a different brand name are strictly prohibited.
No Flaming or Trolling.
No Profanity, Racism, or Prejudice.
Site Moderators have the final word on approving / removing a thread or post or comment.
English language posting only, please.

Products

Solutions

Resources

Partners

Community

Blog

About

QA

Ideas Test

New Community Website

DNN Corp. (DotNetNuke)