Security

Secure Roxy Fileman

Fileman's PHP or .NET scripts will not manipulate files or folders that are outside the directory set in the FILES_ROOT setting. Also, a Fileman script that is not set in the configuration cannot be executed: it will exit.

Example: if MOVEDIR is set to "your_script_to_move_dir.php" and the original Fileman "php/movedir.php" script is requested, the script checks the configuration and exits, because its own name does not match the value of the MOVEDIR setting. The same mechanism is used in the .NET distribution.

However, it's up to you to implement application-level access restriction! If you are using a protected directory and Fileman resides in it, you are good to go.

 

.NET users can use the web.config file to apply user authentication.

 

To implement your own security checks in PHP, fill in the "checkAccess($action)" function located in the fileman/php/security.inc.php file. This function is executed at the beginning of each PHP script, so you can validate the user or the action that is about to be performed ($action will contain the name of the setting, i.e. "MOVEDIR" when moving a directory). Usually user login validation is pretty simple; it could be something like "if($_SESSION['is_admin_logged'] !== true)exit;".
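
One way to fill in checkAccess() so that it validates both the login flag and the requested action, as an added example rather than Fileman's own code. The `fileman_role` session key and the role map are hypothetical, and the action names other than MOVEDIR are assumed to match the setting names in your Fileman configuration.

```php
<?php
// Added example (PHP 7.1+), not Fileman's shipped code. It would replace the
// empty checkAccess() body in fileman/php/security.inc.php.

// Hypothetical role -> allowed action map. "MOVEDIR" is the setting name the
// page mentions; the other names are assumed to match your Fileman config.
const FILEMAN_ROLE_ACTIONS = [
    'editor' => ['DIRLIST', 'FILESLIST', 'UPLOAD', 'DOWNLOAD'],
    'admin'  => ['*'], // every action, including MOVEDIR
];

// Deny by default: only a known role with the action listed gets through.
function filemanActionAllowed(?string $role, string $action): bool
{
    if ($role === null || !isset(FILEMAN_ROLE_ACTIONS[$role])) {
        return false; // unknown or missing role
    }
    $allowed = FILEMAN_ROLE_ACTIONS[$role];
    return in_array('*', $allowed, true) || in_array($action, $allowed, true);
}

function checkAccess($action)
{
    // Start the session only if the including script has not done so already.
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    // Login flag from the page's own one-liner; the strict comparison keeps
    // values such as "1" or "yes" from passing.
    $loggedIn = ($_SESSION['is_admin_logged'] ?? false) === true;
    // 'fileman_role' is a hypothetical session key set by your login code.
    $role = $loggedIn ? ($_SESSION['fileman_role'] ?? null) : null;

    if (!filemanActionAllowed($role, (string) $action)) {
        http_response_code(403);
        // Leave a trace of refused requests for later review.
        error_log(sprintf(
            'fileman: denied action=%s role=%s ip=%s',
            $action, $role ?? '-', $_SERVER['REMOTE_ADDR'] ?? '-'
        ));
        exit;
    }
}
```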

You can also use HTTP Basic authentication or any other authentication mechanism you want.


 

User comments

Please see the FAQ page before asking a question.

I don't review comments very often, and I will NOT answer the questions asked here, please use the contact form.

L. Arsov


Author: zinchronize 29-12-2016 08:50:25 (GMT)
I inject code inside the main.ashx file under the public method "ProcessRequest". Sample snippet below:

    public void ProcessRequest (HttpContext context) {

        // Custom code here
        var auth = new SMIC_Intranet2.Models.AuthorizationGateway();
        var credentials = auth.AuthorizeUser();

        if (!(credentials.Role == SMIC_Intranet2.Models.UserRoles.ADMINISTRATOR || credentials.Role == SMIC_Intranet2.Models.UserRoles.PUBLISHER))
        {
            // Respond with 401 if the user is neither administrator nor publisher; otherwise execution continues
            context.Response.StatusCode = 401;
            context.Response.End();
        }

        // The original ProcessRequest code continues here

    }
Author: Daniel Wiberg 23-09-2014 09:40:00 (GMT)
@Martin Curly
Sorry for late response.
Open the "Web.config" file in the "fileman" directory.
Add these three lines right under "<system.web>":

    <authorization>
        <deny users="?" />
    </authorization>

When you do that you deny all users that are not logged in.
Author: Martin Curly 14-09-2014 10:15:20 (GMT)
".NET users can use web.config file to apply user authentication."

How does this process work? Please help me.
