New to Contour and creating forms. I have a form with a file upload. So looks like the file that was uploaded is available via a url, but that url is accessiable by anyone, even if they are not logged in.
So is not secure. Is there anyway to make these uploaded files NOT available just anyone? I understand someone would have to know the exact URL and file name to access the file (and that is highly unlikely), however still need to know these files are secure because they may contain sensitive information.
Part of that path is a GUID that changes for each upload (just tested with Contour 3.0.23-Build.20). So, this is the folder you'd want to protect with IIS (haven't tried it myself):
/Umbraco/Plugins/umbracoContour/files/
I imagine Umbraco users would still be able to download the files when viewing the form entries, but if not then I think Contour Contrib has a workflow step to attach files with an email, and I imagine security could be configured to allow certain Umbraco users to have access to the folder.
file uploads are not secure?
New to Contour and creating forms. I have a form with a file upload. So looks like the file that was uploaded is available via a url, but that url is accessiable by anyone, even if they are not logged in.
So is not secure. Is there anyway to make these uploaded files NOT available just anyone? I understand someone would have to know the exact URL and file name to access the file (and that is highly unlikely), however still need to know these files are secure because they may contain sensitive information.
Is this possible with contour as it is now ?
Hi Karen,
you can use this package to solve this:
http://our.umbraco.org/projects/website-utilities/media-protect
Sören
HI Sören,
Thanks for the suggestion. Unfortunately these sites are currently on IIS6, so doesn't look like this package will work.
I was thinking though of using IIS to password protect the Contour file upload directory. Not sure how this will work though.
Comment author was deleted
Yeah you can simply protect the dir with iis https://support.winhost.com/kb/a671/password-protecting-directories-in-iis.aspx
In case anybody is curious, this is where Contour uploads files to:
Part of that path is a GUID that changes for each upload (just tested with Contour 3.0.23-Build.20). So, this is the folder you'd want to protect with IIS (haven't tried it myself):
I imagine Umbraco users would still be able to download the files when viewing the form entries, but if not then I think Contour Contrib has a workflow step to attach files with an email, and I imagine security could be configured to allow certain Umbraco users to have access to the folder.
is working on a reply...