Complete secured FAQ: restrict images access to logged in users only.

[Atmis]

Hello,

I am evaluating phpMyFAQ (3.1) for my work team, functionalities perfectly match our needs. This is great tool, thank you for your hard work!

As this FAQ would be for internal use in our case, I have enabled the complete secure FAQ option. This indeed secures the content, but not the access to the images embedded in FAQs.

Images are still accessible anonymously through their URL, ie https://phpmyfaq.domain.tld/images/1651138176mceclip0.png for example. Of course, you would have to guess to image name to access it, but this is not a complex UID, and there may be sensitive data in images like screenshots.

Do you think it would it be possible to restrict images access to logged in users only? Or at least to improve the offuscation ?

Danke

Pierre

[thorsten]

That could be possible to route the images through a PHP based check. This solution has a lot of impacts on various phpMyFAQ features like exports and so on. I have to think about the best solution.

[stale[bot]]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.