Images are not protected by login
I have a deployment of Talkyard that is using Single-Sign-On and requires users to be logged in to view content.
I noticed that images that are uploaded are not protected by login.
For example, I can access this without being logged in:
Is there a way to protect all images from users that are not logged in?
- 1 replies
- KajMagnus @KajMagnus2021-02-12 16:34:19.340Z
Not currently. The image URLs are not possible to guess — one needs to either have access to the discussion topic itself, or get a direct link to the images from someone.
Still, real image access control would be a good feature to have.
Maybe this could be mentioned in the installation instructions and in the admin settings