
Remository Forum

 


David

 
Anti-Leach - 2005/08/22 20:40

Hi,

It would be nice if the anti-leach prefix is not generated from $mosConfig_absolute_path as it is fixed for all files.

For security reasons I suggest to have it generated from system date and time.

Therefore, in the function gotuploadfile I suggest to change the respective line this way:

$leach_code = substr(md5(date('r')),0,8);

Also, it would be better not to have the full file name set as default file title. The respective line can look like this:

if ($file->filetitle == '') $file->filetitle = $FileName;

David
admin

Karma: 98  
Re:Anti-Leach - 2005/08/22 21:41

Thanks, those are good suggestions. I have incorporated them into the code, so they will be included in the release of Remository 3.20.

I'd just like to emphasise, though, that I am strongly discouraging people from using the old anti-leach facility. Recent versions of Remository are designed to work in a way that means that complete security can be achieved without the messy business of prefixing file names with peculiar characters.

Two completely secure approaches are:

1) Place the file downloads directory outside the Apache document root, making the files wholly inaccessible via any URL, or

2) Use .htaccess to prohibit any Apache access to the downloads directory.

In Remository 3.40 a further mechanism will exist that will be wholly proof against leaching - the ability to store the files in the database.
Martin Brampton aka Counterpoint
http://aliro.org
http://black-sheep-research.com
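
The first approach named in the reply above (downloads directory outside the Apache document root, so files leave the server only through a script), as an added example that is not part of the original thread and is not Remository's code. The directory path, the `file` request parameter and the function names are assumptions.

```php
<?php
// Added example, not Remository code. STORE_DIR is an assumed location
// outside the Apache document root, so no URL maps onto the stored files.
const STORE_DIR = '/var/www/private/downloads';

/**
 * Resolve a requested name to a regular file inside $storeDir, or null.
 * realpath() collapses "../" sequences and symlinks; the prefix check then
 * rejects anything that ends up outside the store.
 */
function resolve_download(string $storeDir, string $requested): ?string
{
    $base = realpath($storeDir);
    if ($base === false || $requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    $path = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($path === false || !is_file($path)) {
        return null;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null; // resolved outside the store (traversal or symlink)
    }
    return $path;
}

/** Stream the file as an attachment; the stored name never forms a URL. */
function send_download(string $path): void
{
    header('Content-Type: application/octet-stream');
    header("Content-Disposition: attachment; filename*=UTF-8''" . rawurlencode(basename($path)));
    header('Content-Length: ' . filesize($path));
    header('X-Content-Type-Options: nosniff');
    readfile($path);
}

if (PHP_SAPI !== 'cli') {
    $name = $_GET['file'] ?? '';
    $path = is_string($name) ? resolve_download(STORE_DIR, $name) : null;
    if ($path === null) {
        http_response_code(404);
        exit;
    }
    // The application's own login or permission check belongs here,
    // before any bytes are sent.
    send_download($path);
}
```

The same script works unchanged with the second approach, where the directory stays under the document root but .htaccess denies Apache access to it, because PHP reads the file from disk rather than over HTTP.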