Hello everyone!
I believe that "appgini" has a big limit in relation to the management of security and privacy but I am sure that this can be overcome with some code. I'm not an expert so I need the help of the heroes of the forum!
Here is my question:
How can you prevent access to the "images" folder and the "hook" folder?
Compared to the "images" folder, the problem is that if a path is stored in the browser, those who do not have the privileges to view the attachments (images, files ...) can still download them and this is a serious problem for the respect of the GDPR.
Compared to the Hooks folder the problem in my case is that I created a CSV file (which updates itself with the names and surnames inserted in the "personal data" table) so as to make a multiple selection possible in another table, and this csv file is accessible to anyone. This is also a serious problem for the law on personal data protection!
Thanks to those who can suggest a solution!
Hello!
Fabiano Gazza
Danger: Everyone can access the hooks folder and images folder!!!
Re: Danger: Everyone can access the hooks folder and images folder!!!
Hi Fabiano,
1. Just use Hotlink Protection in your hosting account.
2. Use this line in your .htaccess
Options -Indexes
3. Place an empty index.html file in the folder to prevent browsing your folder, just in case your .htaccess is overwritten or changed.
I use this personally and it works fine.
AhmedBR
AppGini 22.14 - xampp 3.3.0 - PHP 7.4.30 - Summary reports - Calendar - Mass update - Messages - AppGiniHelper
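
For the CSV file in the hooks folder described in the question, an .htaccess sketch added here as an example (not written by either poster and not AppGini's own file). It assumes Apache 2.4 with AllowOverride permitting these directives, and that the CSV is read by PHP on the server rather than fetched by the browser.

```apache
# hooks/.htaccess  (placement inside the hooks folder is an assumption)

# Turn off automatic directory listings. This only hides the list of files:
# a file requested by its exact URL is still served to anyone.
Options -Indexes

# Refuse direct HTTP requests for any .csv file in this folder (403 Forbidden).
# Server-side PHP can still open the file from disk, because this rule applies
# to web requests only, not to filesystem reads.
<FilesMatch "\.csv$">
    Require all denied
</FilesMatch>
```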