It seems there is no authentication to download uploded documents from processmaker workflows. test it! when you upload a file in processmaker workflow, copy uploaded file link to another browser: ...../vezarat/cases/cases_ShowDocument?a=947019182595c2a0cab0f09097461912&v=1 you see this downloadable for everyone! it is dangerous , is it?
Asked
Active
Viewed 105 times
0
-
I would suggest opening a bug in the processmaker bugzilla: bugs.processmaker.com – Ethan Presberg Jul 20 '17 at 17:48
-
bugs.processmaker.com sign up does not send activation mail. do you have any solve to ignore download files by others? or do you know where is the section that I can enter my authentication. in my opinion migrate owncloud with processmaker is a way. just introduce loged in information to owncloud... should read more documentaion... – Hamid Shariati Jul 22 '17 at 12:20
1 Answers
0
It depens on UID of document that is "947019182595c2a0cab0f09097461912" in your case.
When a user upload the file and open URL in browser without UID of document, the user is not able to get file.
You get file because you have UID.
So, its not un-secure.
Salman Mushtaq
- 53
- 13