Security

Secure Roxy Fileman

Fileman's PHP or .NET scripts will not manipulate files or folders that are outside the directory set in the FILES_ROOT setting. Also, a Fileman script that is not set in the configuration cannot be executed: it will exit.
Example:
If MOVEDIR is set to "your_script_to_move_dir.php" and the original Fileman "php/movedir.php" script is requested, it will check the configuration and exit, because its own name does not match the value of the MOVEDIR setting. The same mechanism is used in the .NET distribution.

However, it's up to you to implement application-level access restriction! If you are using a protected directory and Fileman resides in it, you are good to go.

 

.NET users can use the web.config file to apply user authentication.

 

To implement your own security checks in PHP, you have to fill in the "checkAccess($action)" function located in the fileman/php/security.inc.php file. This function is executed at the beginning of each PHP script, and in it you can validate the user or the action that is about to be performed ($action will contain the name of the setting, e.g. "MOVEDIR" when moving a directory). Usually user login validation is pretty simple; it could be something like "if($_SESSION['is_admin_logged'] !== true)exit;".
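One way to fill in checkAccess($action) with a deny-by-default check is sketched below; it is an added example, not the code shipped with Fileman. The 'fileman_role' session key, the "editor" role and the list of read-only action names are assumptions for illustration; only MOVEDIR and 'is_admin_logged' come from the text above.

```php
<?php
// Added example for fileman/php/security.inc.php (not the shipped file).
// Assumptions: the host application's login code sets
// $_SESSION['is_admin_logged'] (key taken from the text above) and a
// hypothetical $_SESSION['fileman_role'], using the default session name.

function denyAccess($status) {
    // Send a status code so the refusal is visible in the access log, then stop.
    http_response_code($status);
    exit;
}

function checkAccess($action) {
    // $_SESSION is only populated once the session has been started in this
    // request; reading it earlier gives "Undefined variable: _SESSION".
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }

    // Administrators may run every configured action, including MOVEDIR.
    if (isset($_SESSION['is_admin_logged']) && $_SESSION['is_admin_logged'] === true) {
        return;
    }

    // Read-only actions for the hypothetical "editor" role. These names are
    // assumed to match the setting names in your Fileman configuration.
    $editorActions = array('DIRLIST', 'FILESLIST', 'DOWNLOAD', 'GENERATETHUMB');

    $role = isset($_SESSION['fileman_role']) ? $_SESSION['fileman_role'] : '';
    if ($role === 'editor' && in_array($action, $editorActions, true)) {
        return;
    }

    // Everything else is refused: 401 when nobody is logged in, 403 when the
    // logged-in role is not allowed to perform this action.
    denyAccess($role === '' ? 401 : 403);
}
```

Because every action not explicitly allowed is refused, a setting added to the configuration later stays admin-only until it is put on the list.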

You can also use HTTP Basic authentication or any other authentication mechanism you want.


 

User comments

Please see the FAQ page before asking a question.

I don't review comments very often, and I will NOT answer the questions asked here, please use the contact form.

L. Arsov


Author: Sanjeev kumar 29-09-2018 07:37:38 (GMT)
How do we call the session in security.inc.php? It gives the error: Undefined variable: _SESSION
Author: zinchronize 29-12-2016 08:50:25 (GMT)
I inject code inside the main.ashx file under the public method "ProcessRequest". Sample snippet below:

public void ProcessRequest (HttpContext context) {

    //Custom code here
    var auth = new SMIC_Intranet2.Models.AuthorizationGateway();
    var credentials = auth.AuthorizeUser(); // UsersRepository instance

    if (!(credentials.Role == SMIC_Intranet2.Models.UserRoles.ADMINISTRATOR || credentials.Role == SMIC_Intranet2.Models.UserRoles.PUBLISHER))
    {
        //Respond with 401 if the user is neither administrator nor publisher; otherwise continue execution
        context.Response.StatusCode = 401;
        context.Response.End();
    }

}
Author: Daniel Wiberg 23-09-2014 09:40:00 (GMT)
@Martin Curly
Sorry for the late response.
Open the "Web.config" file in the "fileman" directory.
Add these three lines right under "<system.web>":
<authorization>
<deny users="?" />
</authorization>

When you do that you deny all users that are not logged in.
Author: Martin Curly 14-09-2014 10:15:20 (GMT)
".NET users can use web.config file to apply user authentication."

How does this process work? Please help me.
