- Tue Jan 31, 2012 12:12 am
#18869
Hello,
I've started experimenting with this feature:
Links to Input Documents via:
http://wiki.processmaker.com/index.php/ ... _DynaForms
Specifically, identifying a url like this that points to an uploaded resource:
http://<IP-ADDRESS>/sys<WORKSPACE>/<LANG>/<SKIN>/cases/cases_ShowDocument?a=<CASE-DOCUMENT-UID>
I've noticed that when I'm logged out of processmaker, that when I copy and paste a link to a document into a new browser window (for example, if it's a link that is in my email) I can access and download the file without any login credentials being asked.
While someone blindly pinging for a file on a processmaker server via a hash is really improbable, are there are plans to secure these documents? Maybe requiring username/password when attempting to access a file?
I would have thought these files are secured by default. Am i missing something? Perhaps there is some setting/configuration that I or someone else earlier configured that I am not aware of in my processmaker installation?
I've started experimenting with this feature:
Links to Input Documents via:
http://wiki.processmaker.com/index.php/ ... _DynaForms
Specifically, identifying a url like this that points to an uploaded resource:
http://<IP-ADDRESS>/sys<WORKSPACE>/<LANG>/<SKIN>/cases/cases_ShowDocument?a=<CASE-DOCUMENT-UID>
I've noticed that when I'm logged out of processmaker, that when I copy and paste a link to a document into a new browser window (for example, if it's a link that is in my email) I can access and download the file without any login credentials being asked.
While someone blindly pinging for a file on a processmaker server via a hash is really improbable, are there are plans to secure these documents? Maybe requiring username/password when attempting to access a file?
I would have thought these files are secured by default. Am i missing something? Perhaps there is some setting/configuration that I or someone else earlier configured that I am not aware of in my processmaker installation?