Ticket #13702 (new Bug)
If someone know the file download hyperlink,loggin in user can download it without authority.
Reported by: | 172141102@… | Owned by: | |
---|---|---|---|
Priority: | minor | Milestone: | 4.x |
Component: | Unknown | Version: | 4.0 |
Keywords: | filedownloadhyperlink | Cc: |
Description
If someone know the file download hyperlink,loggin in user can download it without authority.
I set the file status to private. But someone if know the file download hyperlink, can download the file directly. How to fix the issue?
Change History
Note: See
TracTickets for help on using
tickets.
I think this bug should be reported ASAP to the plone security team to : security(at)plone.org ,
as suggested here: http://plone.org/documentation/faq/i-think-ive-found-a-bug-in-plone.-where-should-i-report-it