How to protect uploaded files?

BruceX · October 10, 2021, 1:05pm

Hi, in my new file upload page, I wish to allow Users to view files online without downloading. This works very easily for PDF files by linking to a URL directly to the PDF or image file. Other files automatically download.

But this amounts to a security hole, that anyone can use a simple URL to access what maybe confidential uploaded files.

I have modified the .htaccess to stop (i thought) unauthorised access to files of the website, and that works mostly. Are there any suggestions on how to plug this hole?

Ideally, I would like the users to online view a PDF or image via a Wappler component, utilising Wappler’s security measures. Is there such a one?

Teodor · October 10, 2021, 1:13pm

So you want to disable direct links to your site files? I.e. if someone enters htrps://mysite.com/files/file.pdf then they can’t see the file?
Is that what are you trying to achieve?

BruceX · October 10, 2021, 1:15pm

Exactly, still to be able to view it via a wappler page somehow.

Teodor · October 10, 2021, 1:22pm

This has been discussed a few times in our community already. For example: