Thread:Project:Support desk/File Access Security Gap/reply

Hi Marcus,

basically, if you want to keep information private: Don't post them on the internet. However, you have one point: When it is a private wiki so that only registered users can view it, then one should also expect that uploaded files should be private as well.

That they currently are not is at least astonishing.

Maybe it would be possible to restrict access, e.g. via .htaccess password protection, however, if you have a user, who wants to distribute a file he himself can access, then he does not need to send people the link. Also without the link he still can e-mail the file around, upload it somewhere else, copy it on a USB stick etc. If someone really wants to distribute data, he just is able to do that.