Great Ideas. Always Flowing.

We are not happy until you are happy. Client satisfaction guaranteed. Whatever your needs and requirements, we have the skills and resources for the job!

Quick login...

Or... now make it easy with Facebook Integration
Connect via Facebook

Top Sellers

Dynamic Registration 4.0

Frustrated over the lack of customization for your user's registration fields? Dynamically setup your DNN Portal with custom registration fields, layout, questions, and other core integration options......

Ultra Video Gallery 4

Ultra Video Gallery is a brother product of Ultra Media Gallery, UVG allows you to upload videos in various format and automatically encode them to flv or H264 format, you also can add videos from internet or record live videos from your webcam.

XMod Pro 2.7 - Forms and Views for Databases

Build high performance, completely customizable data-entry forms and views driven by your DNN and external databases. New built-in tools make it a snap to quickly create data entry forms, data views, and even database tables. Plus, add your own HTML, CSS, Javascript, SQL commands, stored procedures,

Smith Shopping Cart v3.88

The most advanced DotNetNuke shopping cart on the planet. Easy to use e-Commerce, Secure Shopping Cart Software and SEO friendly. B2C / B2B Ecommerce Sites.

Event Calendar and Registration 4.0

One stop solution for events calendar and events registration! FREE DOWNLOAD is available now!

DNN Modules

Forums > Product Discussion - DotNetNuke Modules > Dynamic Forms
Change Folder Type of DynamicForms_Uploads
Last Post 04-25-2012 07:27 AM by Billy. 2 Replies.
AddThis - Bookmarking and Sharing Button Printer Friendly
  •  
  •  
  •  
  •  
  •  
Sort:
PrevPrev NextNext
You are not authorized to post a reply.
Author Messages
BillyUser is Offline
wading in the water
wading in the water
Posts:19
Avatar

--
04-23-2012 06:26 AM
    Hello,

    I have a site that needs users to be able to post documents about themselves to the site via a form. While the information isn't very sensitive, I wanted to take the extra step of setting up a secure folder type to be sure that the information is secured as much as possible.

    I set up a secure file system folder and directed the upload fields to send the file there. I noticed that while the files are going there, they are also going to the default \DynamicForms_Uploads folder. Directory browsing is disabled, but a file name could still be potentially guessed.

    Is there any work arounds for this? If I deleted the auto-generated DynamicForms_Uploads folder and recreated it with a secure file type, would that cause problems? For that matter, if I wanted to secure the
    DynamicForms_Exports folder the same way would that be possible?

    I am using the friendly names--which I could change to make guessing a file name that much harder. Still, I would like to be able to protect those files from access as much as possible.

    Does anyone have any recommendations?

    Thanks,

    Billy
    Chad NashUser is Offline
    Posts:5260
    Avatar

    --
    04-24-2012 03:39 PM
    Hi Billy - The current version of Dynamic Forms does not currently support Secure File Folders. There are a few reasons why but the specific reason why is because once you do this, then you can no longer access files from the standard method but you must "Always" use the "LinkClick.aspx" tool to access those files. Basically this occurs for any folder within DotNetNuke as this is the only way within DNN you can secure files. We are working on a method for allowing this where we handle the code in a similar way (using FileID as a number in reference to the Files table) however this feature is not currently part of the module at this time unfortunately.

    One thing you can usually do is ask Google note to ever try and index anything within those directories (not that they would anyway unless it was a hyperlink somewhere on your site). You can do use this by updating your robots.txt file.

    I would also argue that using the "Unique / GUID" filename is actually just as secure as the file upload within the secure file. I guess I couldn't say "As secure" because if the user were to ever see a hyperlink in an email and saved it then they could always access that file, but the filename itself (a GUID) is generally used as a primary key because the value is so unique.

    http://en.wikipedia.org/wiki/Unique_identifier


    Thanks!

    -Chad
    BillyUser is Offline
    wading in the water
    wading in the water
    Posts:19
    Avatar

    --
    04-25-2012 07:27 AM
    Hi Chad,

    Thanks for the reply. I'll switch from the friendlyname to a system generated file to see if that helps.

    I removed the secure folder(s) as the alternate upload folder and replaced them with a standard folder. After testing it out my files still go to the alternate folder, but also the default DynamicForms_Uploads folder. Is that the expected behavior?
    You are not authorized to post a reply.

    Forums > Product Discussion - DotNetNuke Modules > Dynamic Forms
     
     

    Join our mailing list...

    Get current news and events the easy way
    Subscribe Me

    Recent Blogs...

     
    Copyright 2005 - 2011 by Data Springs, Inc.
     
  • film izle
  • 720 izle
  • film
  • sinema izle
  • film makinesi
  • T�rk�e dublaj film
  • film izle
  • film izle
  • baglan film izle
  • sinema izle
  • 1080 film izle
  • film mercegi