Feature #12368
attachements should be viewable NOT downloadable for restricted users.
| Status: | Closed | Start date: | ||
|---|---|---|---|---|
| Priority: | Urgent | Due date: | ||
| Assignee: |  ahsan akhter | % Done: | 0% | |
| Category: | Attachments | |||
| Target version: | - | |||
| Resolution: | Invalid |
Description
I am new in redmines and I have requirements for my project.
"Attachements should be viewable NOT downloadable for restricted users".It as a security hole for my project.
Please anyone help me to resolve this issue.
History
#1
Updated by Etienne Massip over 9 years ago
Do you mean to see the name of the attachment only? Or to have their contents viewable in browser?
#2
Updated by Etienne Massip over 9 years ago
- Status changed from New to Closed
- Resolution set to Invalid
BTW, see #7750.
#3
Updated by ahsan akhter over 9 years ago
- Status changed from Closed to Reopened
Yes,attached documnet's contents viewable in browser.
Just like google docs.
Thanks Massip!!!
#4
Updated by Etienne Massip over 9 years ago
- Status changed from Reopened to Closed
What's the distinction from a security POV between being able to see contents but not to download the file?
#5
Updated by ahsan akhter over 9 years ago
- Status changed from Closed to Reopened
if downloads allows then restricted user can copy the original physical file from one location to another and it can be uses illegally.
I want just they can view the content on the browser only.
Thanks Massip to ur response.
#6
Updated by Etienne Massip over 9 years ago
ahsan akhter wrote:
if downloads allows then restricted user can copy the original physical file from one location to another and it can be uses illegally.
I want just they can view the content on the browser only.
If they can see the contents then they'll be able to copy/paste it in a new file on their HD which will eventually be a copy of the original file, I still don't get it?
#7
Updated by fangzheng (方正) over 9 years ago
I think this requirement should not be done by redmine platform.
A popular method is, using a flash object to show the file content (image, text, etc).
#8
Updated by ahsan akhter over 9 years ago
Thanks Massip and fangzheng for your kind response.......!
#9
Updated by Etienne Massip over 9 years ago
- Status changed from Reopened to Closed