[TYPO3-english] Extension naw_securedl bug or intentional?
Henrik Fosgerau
hf at oerskov.dk
Wed Jun 24 15:05:49 CEST 2009
I'm using the extension "Secure downloads" - naw_securedl
It works as described - allowing access to files only for some FE-user
groups.
But after testing access to files, I discovered that I can access protected
files without being logged in as a FE user.
In the backend interface I accessed the file from the fileadmin module list
of files.
The URL I got via backend is similar to the protected frontend URLs.
Example:
/index.php?eID=tx_nawsecuredl&u=0&file=fileadmin/Folder1/Folder2/filename.pd
f&t=1543931241&hash=5cea3933c0ac248f5fba25360785a260
When I use this URL I can access the file from a browser without being
logged in as a FEuser.
Does anybody know if this behavior is intentional or a bug?
Henrik Fosgerau
More information about the TYPO3-english
mailing list