AnsweredAssumed Answered

AWPR download file security

Question asked by txue on Dec 15, 2010
Latest reply on Dec 25, 2010 by rivetlogic
Dear Sir/Madam,

I have a question regarding AWPR My Space panel folder content download security. I appreciate in advance.
After I successfully integrated AWPr into jboss portal, and I logged into Jboss portal, I clicked on AWPr portlet tab, I can get my workspace subfolder and all contents. If the content is not text-based file, when I click on it, the download file panel will pop up you can save the file into your local. If the file is texted based file, when I click on it, I can see a new browser window open and I can read the file. The url is similar like:

http://hostname/alfresco/d/d/workspace/SpacesStore/1fb020f7-ba90-48d6-84be-64ce4a9ecfdf/web.xml


I copy this url and try to open from another computer browser I can also view this file, no matter user is logged or not logged.

I just wondered that the file is not safe enough with url only defining the file location ids. Is there other way to protect it?

Thanks.

Tina

Outcomes