No internet connection
  1. Home
  2. Issues

Images are not protected by login

By Dave Gallant @davegallant
    2021-02-11 16:48:06.010Z

    I have a deployment of Talkyard that is using Single-Sign-On and requires users to be logged in to view content.

    I noticed that images that are uploaded are not protected by login.

    For example, I can access this without being logged in:
    https://mytalkyard.com/-/u/pugdqtks9r/2/j/uk/exiwdyt3ei5p2e6zfpc4es6bqbmdjk.png

    Is there a way to protect all images from users that are not logged in?

    Reply
    • 1 replies
    1. KajMagnus @KajMagnus2021-02-12 16:34:19.340Z

      Not currently. The image URLs are not possible to guess — one needs to either have access to the discussion topic itself, or get a direct link to the images from someone.

      Still, real image access control would be a good feature to have.

      Maybe this could be mentioned in the installation instructions and in the admin settings

      Reply1 Like
      1. Progress
        with handling this problem
      2. @KajMagnus marked this topic as Planned 2021-03-16 22:32:57.223Z.
      Reply (discussion)Add progress note