Products

Evoq Content Overview Content Creation Workflow Asset Management Mobile Responsive Personalization Content Analytics SEO Integrations Security Website PerformanceEvoq Engage Overview Community Management  Dashboard  Analytics  Member Profile Gamification Advocate Marketing Community Engagement  Ideas  Answers  Discussions  Groups  Wikis  Events Mobile ReadyDNN Support PackagesEvoq: CMS FeaturesEvoq OnDemandCompare DNN's CMS Products

Solutions

Content Management SystemMulti-Channel PublishingDigital MarketingOnline Community ManagementIntranet Software SolutionOur CustomersPrime

Resources

Test DrivesSchedule A DemoDocumentation CenterWebinarsWhite PapersProduct ManualsRequest PricingData SheetsCase StudiesEvoq Preferred Products Content Management Ecommerce Forms Identity Management and Authentication Site Management Social Themes

Partners

DNN Partners Partner Directory Become a DNN Partner Partner Program Overview  Hosting  Implementation  ISV  Training  Competencies

Community

Participate Ask a Question Forums Community Showcase DNN MVP  Program Overview  Lifetime MVPs  Honorary MVPs Subscribe to DNN Digest Advisory Groups  Awareness Advisory Group  Developer Advisory Group  Partner Advisory Group  Technology Advisory GroupLearn Documentation Wiki Community Blog Video Library Project History Development RoadmapDownload DNN Store Language Packs Manuals Nightly BuildsSecurity Policies Security Center

Blog

About

News Press Releases News Coverage Press KitCareersContact DNN

QA

Ideas Test

New Community Website

Ordinarily, you'd be at the right spot, but we've recently launched a brand new community website... For the community, by the community.

Yay... Take Me to the Community!

Welcome to the DNN Community Forums, your preferred source of online community support for all things related to DNN.
In order to participate you must be a registered DNNizen
HomeHomeGetting StartedGetting StartedNew to DNN Plat...New to DNN Plat...File Security in DNNFile Security in DNN
Previous
 
Next
New Post
7/23/2010 4:55 AM
 
Chris Venus


Joined: 7/16/2010
Posts: 4
So I'll start off by sayign that I'm new to DNN and then get straight into my current problem...

I have a site which in its simplest form has three user groups that will be able to download files off of teh site. Group A will be able to access File A, group B will be able to access file B and group C will be abel to access Files A and B.

I've set this upusing the Documents module shipped with DNN, I've got two modules on the page, one visible to A and C and one visible to B and C.

The files themselves are in secure directories on the file system (they have a padlock icon instead of the standard folder icon so defintiely secure). There is a directory for file A and a directory for file B. For permissions the one for file A has an explicit tick in the view column for A and a cross for B. Similarly for B.

The problem I have is that I can take the url for File A and if I paste it into my url bar when logged in as user B I get the file download successfully. I would have expected the folder level security to protect the files in that folder from being viewed as well.

Am I missing something here or is the folder security only for when viewing and uploading in the file manager? Are there any fixes for this? alternative modules that would do what I want?

Thanks very much for any help you can provide.

(Cross-posted from http://stackoverflow.com/questions/3311532/secure-file-downloads-in-dotnetnuke/ since I figured there is almost certainly a better base of experts on here)
 
New Post
7/23/2010 11:15 AM
 
cathal connolly


cathal connolly's Avatar

www.cathal.co.uk
Joined: 4/9/2003
Posts: 9676
secure folders have 2 purposes - 1. stop people directly downloading files (they must be sent via the system), and 2. check permissions. What you're missing here is applying security all the folder level . Create security roles for a,b and c. add your users to them, and then mark the relevant folders with the relevant view permissions.
Buy the new Professional DNN7: Open Source .NET CMS Platform book Amazon US
 
New Post
7/23/2010 11:50 AM
 
Chris Venus


Joined: 7/16/2010
Posts: 4
Hmmm... That sounds like what I've done. Ah, and on further investigation I've finally got what my problem was. It appears that while testing I had uploaded the file a couple of times and of course I was referencing one of the earlier files I'd uploaded where I wasn't providing any security at all. I feel a little stupid now but on the other hand I am now 100% sure I understand how the security works, including the fact files are hidden from view if you don't have permission to write to them which is somethign I was after and didn't think I had! :)

Thanks for your time Cathal and sorry to have wasted it a bit. On the other hand I'd have not noticed my mistake if you hadn't posted so not entirely wasted I guess. :)
 
 Page 1 of 1
Previous
 
Next
HomeHomeGetting StartedGetting StartedNew to DNN Plat...New to DNN Plat...File Security in DNNFile Security in DNN


These Forums are dedicated to discussion of DNN Platform and Evoq Solutions.

For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:

  1. No Advertising. This includes promotion of commercial and non-commercial products or services which are not directly related to DNN.
  2. No vendor trolling / poaching. If someone posts about a vendor issue, allow the vendor or other customers to respond. Any post that looks like trolling / poaching will be removed.
  3. Discussion or promotion of DNN Platform product releases under a different brand name are strictly prohibited.
  4. No Flaming or Trolling.
  5. No Profanity, Racism, or Prejudice.
  6. Site Moderators have the final word on approving / removing a thread or post or comment.
  7. English language posting only, please.
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out