Jump to content

Confidential downloads & security


Cyboman

Recommended Posts

Posted

In one of my communities, I host a lot of (hundreds) of confidential downloads. I limited the member groups correctly to being only able to download x downloads a day. I've also set the category permissions to avoid unauthorized access.

But I would suppose more important protection options:

  • option to enter an additional password for each download: This way, members are required to ask the author for the password before downloading. This shouldn't be done on file level, as this would require a lot of files to be converted to self-extracting, encrypted exe files. This would scare our members. And not all applications for file generations offer their own password protection mechanisms like MS Word...
     
  • admin warning, if member X downloads X files in X minutes: The highest risk for compromising is a member himself. If a member logs in via insecure connections or via terminals and forgets to logout, any attacker could get access to the whole, confidential downloads section in worst case. Therefore, I would love to have an option, that the admins will be warned if irregular use is detected by the system. If I could determine to being informed, f.e. if a member of group "newbies" attempts to download 8 files in sequence in 5 minutes, I would like to get an email. I don't want to limit downloads per minutes! Or if there would be an option, to stop the member directly for further downloads, until he will be permitted again by an administrator.

I think such features are very important for security-sensitive communities.

Any recommendations? Thanks.

Maybe this is also an idea for a plugin like @CodingJungles Downloads Plus:

 

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...