Images are not protected by login
I have a deployment of Talkyard that is using Single-Sign-On and requires users to be logged in to view content.
I noticed that images that are uploaded are not protected by login.
For example, I can access this without being logged in:
Is there a way to protect all images from users that are not logged in?
- 1 replies
Not currently. The image URLs are not possible to guess — one needs to either have access to the discussion topic itself, or get a direct link to the images from someone.
Still, real image access control would be a good feature to have.
Maybe this could be mentioned in the installation instructions and in the admin settings
- Progresswith handling this problem
- @KajMagnus marked this topic as Planned 2021-03-16 22:32:57.223Z.