AnsweredAssumed Answered

Security in Alfresco files

Question asked by omkar on Apr 4, 2016
Latest reply on Apr 4, 2016 by afaust

   I am currently using Alfresco Community version 4.2 and have observed one potential security concern. When a file is uploaded in Alfresco, it gets uploaded  to the 'contentstore' in date wise folder structure. Thus, when I uploaded a '.png' image today (04-Apr-2016) it got saved in the folder "alf_data/contentstore/2016/4/4/13/40/c431a2e1-f90f-49be-ab7b-b70a7544cac9.bin". When I physically go to this location and download the '.bin' file and open it I could see the file contents as it is. Moreover, if the extension is changed to '.png', the file open properly as an image file and thus user is able to see and modify all the data at back end. Sometimes, as an IT service provider, we do have to give the credentials of the Admin user in Alfresco to our customer and they can modify the data. This appears to be a major security concern. Can someone suggest a solution on this in the Community version itself.