Security

Secure Roxy Fileman

Fileman's PHP or .NET scripts will not manipulate files or folders that are outside the directory set in the FILES_ROOT setting. Also, a Fileman script that is not set in the configuration cannot be executed: it will exit.
Example:
If MOVEDIR is set to "your_script_to_move_dir.php" and the original Fileman "php/movedir.php" script is requested, the script checks the configuration and exits, because its own name does not match the value of the MOVEDIR setting. The same mechanism is used in the .NET distribution.

However, it's up to you to implement application-level access restriction! If you are using a protected directory and Fileman resides in it, you are good to go.

 

.NET users can use web.config file to apply user authentication.

 

To implement your own security checks in PHP, fill in the "checkAccess($action)" function located in the fileman/php/security.inc.php file. This function is executed at the beginning of each PHP script, so you can validate the user or the action that is about to be performed ($action contains the name of the setting, e.g. "MOVEDIR" when moving a directory). User login validation is usually simple; it could be something like "if($_SESSION['is_admin_logged'] !== true)exit;".

You can also use HTTP Basic authentication or any other authentication mechanism you want.
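One way to fill in checkAccess($action) so that it denies by default and also restricts individual actions. This is an added example, not Fileman's shipped code. Assumptions: the 'is_viewer_logged' session key and the denyAccess() helper are hypothetical, and the action names other than MOVEDIR must be checked against the setting names in your own configuration.

```php
<?php
// Added example for fileman/php/security.inc.php (not the project's own code).

function checkAccess($action)
{
    // $_SESSION is only populated after session_start(). Without an active
    // session the login flags below are never visible to this script.
    if (session_status() === PHP_SESSION_NONE) {
        session_start();
    }

    // Strict comparison: only an explicit boolean true counts as logged in.
    $isAdmin = isset($_SESSION['is_admin_logged'])
        && $_SESSION['is_admin_logged'] === true;

    // Hypothetical second role set by your own login code: may browse and
    // download, but not create, move, rename, upload or delete.
    $isViewer = isset($_SESSION['is_viewer_logged'])
        && $_SESSION['is_viewer_logged'] === true;

    // Assumption: these strings match setting names in your configuration,
    // the same way "MOVEDIR" does for moving a directory.
    $viewerActions = array('DIRLIST', 'FILESLIST', 'DOWNLOAD', 'GENERATETHUMB');

    if ($isAdmin) {
        return; // administrators may run every configured action
    }
    if ($isViewer && in_array($action, $viewerActions, true)) {
        return; // read-only action for a read-only account
    }

    // Deny by default: unknown users and unlisted actions both end here.
    denyAccess();
}

// Hypothetical helper: stop the script before it touches any file.
function denyAccess()
{
    http_response_code(403);
    exit;
}
```

Because every Fileman PHP script calls checkAccess() first, an action name missing from the allowlist fails closed for viewer accounts instead of being silently permitted.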


 

User comments

Please see the FAQ page before asking a question.

I don't review comments very often, and I will NOT answer the questions asked here, please use the contact form.

L. Arsov


Author: Sanjeev kumar 29-09-2018 07:37:38 (GMT)
How do we call the session in security.inc.php? It gives the error: Undefined variable: _SESSION
Author: zinchronize 29-12-2016 08:50:25 (GMT)
I inject code inside the main.ashx file under the public method "ProcessRequest". Sample snippet below:

public void ProcessRequest (HttpContext context) {

    // Custom code here
    var auth = new SMIC_Intranet2.Models.AuthorizationGateway();
    // AuthorizeUser() returns the UsersRepository object for the current user
    var credentials = auth.AuthorizeUser();

    if (!(credentials.Role == SMIC_Intranet2.Models.UserRoles.ADMINISTRATOR || credentials.Role == SMIC_Intranet2.Models.UserRoles.PUBLISHER))
    {
        // Respond with 401 if the user has neither role; otherwise continue execution
        context.Response.StatusCode = 401;
        context.Response.End();
    }

}
Author: Daniel Wiberg 23-09-2014 09:40:00 (GMT)
@Martin Curly
Sorry for late response.
Open the "Web.config" file in "fileman" directory
Add these three lines right under "<system.web>"
<authorization>
<deny users="?" />
</authorization>

When you do that you deny all users that are not logged in.
Author: Martin Curly 14-09-2014 10:15:20 (GMT)
".NET users can use web.config file to apply user authentication."

How does this process work? Please help me.
