Hello Cem,
in FileVista I can download any file without authentication by just using the direct download link.
Example:
https://www.tilope.net/filemgr/filevistacontrol/download.ashx?inline=1&rootFolderID=4&relativePath=transfer&fileName=41.mp4
It seems that any security setting is disabled by using this direct link. The intruder just needs to guess the correct filepath.
Chris
Chris
5/3/2010 2:24 AM
Hi Chris,
No it's not a security issue. You can access the file with that link only if your session is still active. When you log out or try in another browser you will see that you are redirected to expired.aspx.
Cem Alacayir
5/3/2010 5:27 AM
Cem is right, no intruder or google are able to "link" the files when the session is not active.
This is the first thing I tested, so it`s secure 100% !
Amel
5/3/2010 2:37 PM
Hi there,
disregard the post!
It's strange - I logged out and could still access the files.
However, after a new test right now, the session expired message comes up.
Thank you for the quick update.
Chris
Chris
5/3/2010 3:56 PM