Feature #12368

attachements should be viewable NOT downloadable for restricted users.

Added by ahsan akhter about 5 years ago. Updated about 5 years ago.

Status:ClosedStart date:
Priority:UrgentDue date:
Assignee:ahsan akhter% Done:

0%

Category:Attachments
Target version:-
Resolution:Invalid

Description

I am new in redmines and I have requirements for my project.
"Attachements should be viewable NOT downloadable for restricted users".It as a security hole for my project.
Please anyone help me to resolve this issue.

History

#1 Updated by Etienne Massip about 5 years ago

Do you mean to see the name of the attachment only? Or to have their contents viewable in browser?

#2 Updated by Etienne Massip about 5 years ago

  • Status changed from New to Closed
  • Resolution set to Invalid

BTW, see #7750.

#3 Updated by ahsan akhter about 5 years ago

  • Status changed from Closed to Reopened

Yes,attached documnet's contents viewable in browser.
Just like google docs.
Thanks Massip!!!

#4 Updated by Etienne Massip about 5 years ago

  • Status changed from Reopened to Closed

What's the distinction from a security POV between being able to see contents but not to download the file?

#5 Updated by ahsan akhter about 5 years ago

  • Status changed from Closed to Reopened

if downloads allows then restricted user can copy the original physical file from one location to another and it can be uses illegally.
I want just they can view the content on the browser only.

Thanks Massip to ur response.

#6 Updated by Etienne Massip about 5 years ago

ahsan akhter wrote:

if downloads allows then restricted user can copy the original physical file from one location to another and it can be uses illegally.
I want just they can view the content on the browser only.

If they can see the contents then they'll be able to copy/paste it in a new file on their HD which will eventually be a copy of the original file, I still don't get it?

#7 Updated by fangzheng (方正) about 5 years ago

I think this requirement should not be done by redmine platform.
A popular method is, using a flash object to show the file content (image, text, etc).

#8 Updated by ahsan akhter about 5 years ago

Thanks Massip and fangzheng for your kind response.......!

#9 Updated by Etienne Massip about 5 years ago

  • Status changed from Reopened to Closed

Also available in: Atom PDF