No internet connection
  1. Home
  2. Issues

Images are not protected by login

By Dave Gallant @davegallant2021-02-11 16:48:06.010Z

I have a deployment of Talkyard that is using Single-Sign-On and requires users to be logged in to view content.

I noticed that images that are uploaded are not protected by login.

For example, I can access this without being logged in:

Is there a way to protect all images from users that are not logged in?

  • 1 replies
  1. KajMagnus @KajMagnus2021-02-12 16:34:19.340Z

    Not currently. The image URLs are not possible to guess — one needs to either have access to the discussion topic itself, or get a direct link to the images from someone.

    Still, real image access control would be a good feature to have.

    Maybe this could be mentioned in the installation instructions and in the admin settings