Hi,
I have a wiki where the users have to login to be able to access it.
In the wiki, I upload files (like PDF file) and users click on a link to
open the files...
When they click on a link to a file (PDF, DOC... etc...), the address in the
address bar looks like:
http://wikiname/.....some_stuff/images/a/7/file.pdf
All is normal... (as for I'm concern...)
Now : if I copy this address and send it to a user that IS NOT loggued on
the wiki, he's able to open the file. He have direct access to the file,
without login to the wiki.
!!!!! I'm surprise of this behavior, as it skips all the security I have put
in the LocalSettings.php... I missed something ??? It's related to some
rights on the IMAGES directory ?
(PS sorry for my English, I speak french)
Thanks in advance !
Pierre