Hyland Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

5.0.d security issue with internet download manager

samirastucia
Champ in-the-making
Champ in-the-making

‎01-27-2016 12:09 PM

Hello every body,

I made an alfresco 5.0.d new installation in windows server 2012 R2, i revoked the download action for site consumers, but for those who have IDM (internet download Manager installed in their browser), the browser promt for download the pdf file even if there is no download button.

Can some one tell me how to prevent this issue?

Thank you very much for your help.
Labels:
Preview file
485 KB
0 Kudos
3 REPLIES 3

afaust
Legendary Innovator
Legendary Innovator

‎01-28-2016 04:07 AM

Hello,

if you don't want tools like IDM to be able to offer download to those types of restricted users, you must completely remove any potential URL reference to the actual document download from the page. This also includes disabling the PDF / document previewer which internally "downloads" fragments of the document for display and uses an URL reference that would allow full download. IDM very likely picks up this URL and provides the download option based up on that.

Regards
Axel
0 Kudos

samirastucia
Champ in-the-making
Champ in-the-making
In response to afaust

‎01-28-2016 10:41 AM

Thank you Axel for your reply,

What if we use a SWF previwer instead of the pdfjs ?
0 Kudos

afaust
Legendary Innovator
Legendary Innovator

‎01-28-2016 11:54 AM

The SWF previewer would likely still result in IDM providing a download option, but the downloaded file will be a reduced quality rendition of the original document.

Technically, as long as you expose any previewer capability, IDM is likely to provide something to download. Even if that is only a rendition, the URL provided can be manipulated by users to still download the original document. Everything you are doing to restrict the ability of download is only UI focussed. Technically, if a user has READ access to a document inside Alfresco and is somehow able to piece together the URL to it, they can download it (the URLs aren't that complex either).

Regards
Axel
0 Kudos
Getting started

Tags

Find what you came for

We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.

Copyright © 2024 Khoros, LLC