Standard File/Folders security and permissions
Description of bug
Users are able to access asset files in a Standard folder without View and Read privileges.
Steps to reproduce
- Go to Site Assets and create Standard type folder
- Add any asset to folder (i.e. any txt file)
- Go to folder Properties -> Permissions
- Disallow view and read permission
- Get the URL of a file from the Standard folder
- Log out from DNN
- Navigate to the file URL
Current result
The file opens without having the permission to view it.
Expected result
Expected that file should be secured by the permissions and users cannot view or read it without having the permission to do so.
Affected version
- 10.0.0 nightly build
- 9.4.1 nightly build
- 9.4.0 release candidate
- 9.3.2 latest supported release
Issue Analytics
- State:
- Created 4 years ago
- Comments:15 (14 by maintainers)
Top GitHub Comments
At this point in time, the standard folder provider has never been suggested as the pathway to share secure file assets. The permissions as applied to “Standard” folders are simply permissions set to control who can view through the DNN Interfaces those folders etc.
Changing this direct linking behavior would have a catastrophic impact on site performance as remember this would impact every image or other asset managed through the HTML Editors. Therefore I agree that @bdukes is correct in that if security is desired, you need to use the “Secure” folder type.
Lastly: PLEASE remember any security concerns should be directed to security@dnnsoftware.com and not directly here. I’m leaving this here as this is a documented feature, but for future reference, we need to be sure to adhere to the policies to not draw undue attention.
Option three has been the position of the team, historically. If you need security for files, you must use a different folder provider.
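The last three reproduction steps can be turned into a repeatable check for your own site. This is an added example, not code from the issue or from DNN. The names `anonymous_status` and `find_exposed`, the inventory format and the URLs are assumptions made for illustration. Redirects are deliberately not followed, so a bounce to a login page is not counted as a served file.

```python
import urllib.error
import urllib.request


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    # Returning None makes urllib raise HTTPError for a 3xx response instead of
    # following it, so a redirect to a login page is reported as 302, not 200.
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def anonymous_status(url, timeout=10):
    """GET url with no cookies or credentials and return the first status code."""
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        with opener.open(url, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code


def find_exposed(files, fetch=anonymous_status):
    """files: (url, anonymous_view_allowed) pairs taken from your own inventory.

    Returns the URLs whose folder denies anonymous view/read but which are
    still served with 200 to a logged-out client.
    """
    return [url for url, anon_allowed in files
            if not anon_allowed and fetch(url) == 200]


if __name__ == "__main__":
    # Constructed inventory and canned status codes so the demo runs offline.
    inventory = [
        ("https://site.example.invalid/files/restricted/notes.txt", False),
        ("https://site.example.invalid/files/public/logo.png", True),
        ("https://site.example.invalid/files/secure/plan.txt", False),
    ]
    canned = {inventory[0][0]: 200, inventory[1][0]: 200, inventory[2][0]: 302}
    for url in find_exposed(inventory, fetch=canned.get):
        print("served to anonymous client:", url)
```

Any URL it reports belongs to a folder whose permissions are not enforced on direct links, which per the maintainers' replies means the files need to move to a Secure folder.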