files: Require authentication to view attachments
This feature adds a setting to the control panel to require signing in to view attachments. This is in addition to the security already provided in the download URLs. Currently, download URLs are signed for a specific help desk, and automatically expire after about 24 hours. The exact timing is the following midnight allowing for at least 12 hours cache time. Administrators can impose this extra security feature to refuse serving attachment files if the user is not currently signed in. This could prevent third-party users from viewing an attachment if they were able to get access to the download URL before it expired.
Showing
- file.php 15 additions, 0 deletionsfile.php
- include/class.config.php 6 additions, 0 deletionsinclude/class.config.php
- include/i18n/en_US/help/tips/settings.system.yaml 12 additions, 1 deletioninclude/i18n/en_US/help/tips/settings.system.yaml
- include/staff/settings-system.inc.php 10 additions, 0 deletionsinclude/staff/settings-system.inc.php
Loading
Please register or sign in to comment