Hi
Are attachments uploaded to WPForo meant to be accessible to users not logged in to the forum? Because on my site they are, and they are in a members only section. I thought there'd be inherited security? It seems a bit counterintuitive to me. Is there a setting I may have missed?
Thank you!
Dashboard>wpForo>Accesses>Read Only(Guests)>Can view attachments ?
Thanks. However, the attachment is still accessible in via the URL in the new topic and new reply emails, it's linked and there seems to be no validation check.
@johno hi,
I have the same problem as you: I do not want uploaded files to be reachable via a direct link for unregistered users (if you are not registered, you cannot see the file even with the link).
Have you found a good solution to this problem?
Thanks 🙂
The only thing I use is to ensure that users are subscribed to the correct forums - that way they don't receive notifications they are not entitled too. Which is a pain as for some reason, some users are subscribed to all updates...
As my use case is low security anyway, it's only a beekeeping club, I'm ok. But I'd imagine others will want a less hands on and more secure method. Scrubbing email attachment links from email notifications would be one method but that's security through obscurity, not best. The best solution would be an authentication check. A massive security hole without this. Very odd it's apparently not being addressed.
OK, I understand... thanks for your prompt reply, if I find another solution I will update you 🙂