Posts posted by MEVi

  1. 12 minutes ago, Jim M said:

    Apologies, I updated my previous post after you quoted. Images are available as they are handled differently. I didn't mention this originally as I thought by "documents" you meant these would not be images in your case. Files which are downloaded, such as word docs, zip/archive files, etc... are protected under this.

    Indeed it is not possible to download word docs, zip/archive files, etc... 😅

    The members send legal documents and often he takes a photo with their signature. Is there a setting in the forum to extend this protection to the other file type (photo and co)?

  2. 5 minutes ago, Jim M said:

    This is incorrect or something is not quite right with your permissions you've set. If a member group does not have access to a forum, they cannot access attachments or the topics in that forum.

    If you've previously had the forum open to the public, bots may have stored those URLs and be attempting to access them. However, they will receive permission denied messages.

    If you would like to submit a ticket, we're happy to give your permissions a once over for you.

    The number of members on the site is low and yet the bandwidth used is astronomical. Analyzing the logs, I see that the robots tirelessly download all the public attachments. But if I look closer, I see that some sections of the forum are not public, yet robots also manage to download them. I have experienced this on this website's public and private areas, and I can download the following files as a member via the direct link. Example:

    Public in Marketplace
    https://dne4i5cb88590.cloudfront.net/invisionpower-com/monthly_2020_02/3.png.6d953f0b693ef5124a25d0bf1c5e9be4.png
    Private in Client Lounge 
    https://dne4i5cb88590.cloudfront.net/invisionpower-com/monthly_2021_01/image.png.bef72f47d79479df595fb89022922100.png

    Yes, he doesn't see the content of the forum discussions, but can download the files independently if they are a member or not. That's why IP-Downloads is ideal and should be the standard.

    20 minutes ago, Paul E. said:

    Holup.

    Are you saying that if someone adds an attachment to a thread that only certain user groups have access to, the url to the attachment is not restricted via a link that checks for permissions on accessing?

    Is this really only security through obscurity?

    Attachments are accessible via the direct web link in the forum, while in IP-Downloads that is not the case: it's a URL key that is generated for each member and for a limited time, which is great in terms of security. You cannot download Marketplace items via a direct web link, so why don't I extend this to the forum?

  3. 2 minutes ago, Jim M said:

    Is there a reason to have the forum public then? Can just restrict access to the forum to not be seen by guests and the attachments will not be visible to guests.

    We have already tried it and it does not guarantee the confidentiality of information even if the forums are not open to the public, they are visited by robots. Did the member provide the possible web link although many members say no.

  4. 6 hours ago, Daniel F said:

    Do you really need IP.Downloads for this? Can’t you use topics to upload the file?

    Hello,

    No, uploads in the forum are not secured like in IP-Downloads which offers a vault (the download link does not correspond to the location of the real file).

    We discovered in the website logs robots that are constantly downloading files sent by members while they have never logged in. It's a real security problem in addition to being a bandwidth bottleneck. If the files sent to the forum were protected by the same method as IP-Downloads (except for screenshots) then the question would not arise.
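
The two posts above contrast direct attachment links with a download key generated per member for a limited time, and with a vault where the link does not reveal the real file location. A sketch of that scheme follows, as an added example that is not part of the thread and is not Invision Community's code; the secret, ids, storage path and URL layout are constructed assumptions.

```python
import base64
import hashlib
import hmac
import time
from urllib.parse import parse_qs, urlsplit

SECRET = b"constructed-demo-key"  # assumption: server-side secret, never sent to clients
# Constructed sample data: opaque id -> real storage path (the "vault"), and who may read it.
VAULT = {"a91f": "/srv/vault/2021_01/id-scan.png"}
ACL = {"a91f": {7, 42}}


def _sign(file_id, member_id, expires):
    msg = f"{file_id}|{member_id}|{expires}".encode()
    mac = hmac.new(SECRET, msg, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).rstrip(b"=").decode()


def issue_link(file_id, member_id, ttl=300, now=None):
    """Return a download URL bound to one member and valid for ttl seconds."""
    if member_id not in ACL.get(file_id, set()):
        raise PermissionError("member may not access this attachment")
    expires = int(time.time() if now is None else now) + ttl
    key = _sign(file_id, member_id, expires)
    return f"/download?f={file_id}&m={member_id}&e={expires}&k={key}"


def resolve(url, session_member_id, now=None):
    """Return the real path only if every check passes, otherwise None."""
    q = parse_qs(urlsplit(url).query)
    try:
        file_id, key = q["f"][0], q["k"][0]
        member_id, expires = int(q["m"][0]), int(q["e"][0])
    except (KeyError, ValueError):
        return None  # malformed or incomplete link
    expected = _sign(file_id, member_id, expires)
    if not hmac.compare_digest(expected.encode(), key.encode()):
        return None  # forged or tampered parameters
    if int(time.time() if now is None else now) > expires:
        return None  # link has expired
    if session_member_id != member_id:
        return None  # link replayed by a guest, a bot or another member
    if member_id not in ACL.get(file_id, set()):
        return None  # access revoked after the link was issued
    return VAULT.get(file_id)
```

A link harvested by a crawler fails the session check even before it expires, and the storage path never appears in any URL.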

  5. Hello bfarber,

    13 hours ago, bfarber said:

    An alternative might be to use clubs for your purposes. Clubs can contain download categories and you can explicitly control who has access to individual clubs.

    I use clubs but it's not the same feature; I would have to create a unique club for each member to send me the documents.

    The principle is that only the member sees the sending of these files with the staff. This simplifies user administration.

  6. Hello,

    Members often send PDF, ZIP, IP-Downloads without illustrations. I have to edit each topic to add a MIME icon, which takes time.

    The idea is that if there is no illustration/icon associated with a document/file in the IP-Downloads, MIME icons will be used. In the administration options, we should be able to choose to add an illustration/icon for each file type. We can also imagine that when the member sends a photo in IP-Downloads, there is an automation for the creation of the illustration based on the photo.

    Moreover, this generates many (useless) files on the server. If the file was common to all, it would save space and bandwidth, thanks to caches.

  7. The purpose of this feature is to allow the member to send personal documents for the staff. At the moment I need to create a group for each member who wants to send us their ID and then this group is associated with a subcategory in the downloads (IP Downloads offers the possibility to store information in a kind of vault). While the functionality that is available for the forums allows to create a kind of DropBox alone, the interested person sees these files except for the staff.

  8. Hello,

    I would like to know about an additional feature to promote members to the rank of writer or secretary:

    • Member writer: The peculiarity of these members is that they cannot change the settings, but have a right to publish in the club's blog.
    • Member secretary: The peculiarity of these members is that they cannot change the settings, but have a right to publish in the club's blog, event,...
  9. Hello, still alive and well. :blink:

    On Facebook I have a few friends chatting with family members who are no longer alive. Every day they send a little note to their deceased parents. Facebook has added a feature for this scenario that makes it possible to delete the account in case of death, create a time capsule...

    Quote

    SeNioR- : It is better to add settings in ACP where after adding a user, on his profile there will be information that this user is unfortunately dead, and his avatar and cover will be in gray color, Buttons and Online Status would be hidden or something like that. This can be done via hook.

    I'm not a fan of this, I prefer that this choice be given to the user of live sound. Because in case of a mistake like my premature death the member will lose part of his profile.

    Quote

    Matt: The idea of memorialising members has floated around for a while, and it's something I'd like to put some thought into.

    The main reason I opened this topic is a security issue. Not all users use "commercial" email addresses, especially when using your product; they usually use an address associated with their domain name. In November 2020, I noticed abnormal activity on the account of some deceased users. A VPN used the "lost password" function to reactivate access to the accounts of the deceased. I had noticed this before, but I didn't pay attention to it until a deceased user's account was displaying spam on the website.

    This forced me to change the email addresses of these members to an internal address to prevent this type of intrusion. That's why I ask for a special "OFFLINE" group that has no email address and an impossibility to connect without a past via the CPAdmin. If there are members following this group, the subscriptions are cancelled and vice versa, as well as the possibility to send a message to it.

    It might be interesting to make this group have another type of display for the profile, a kind of timeline with an "about" button that allows connected members to find out more. Making the member's profile inaccessible to the public makes it possible to respect the principle of the right to oblivion, because there are many people who have the same surname but are not from the same family.

    The family members of one of the deceased request the deletion of their son's profile in accordance with the law of the right to oblivion. In two years, I will therefore have to delete his account without necessarily deleting the articles he published on the wiki and others. His account will join the other anonymous accounts, but I would like the administrators to still be able to identify the topics that the deceased member wrote, keeping his nickname but invisible to the public - a kind of memorial to avoid plagiarism in the future at a minimum, ensure that public topics are downgraded and visible only to community members.

    I have other members who request the deactivation of their account; the reasons are often related to the death of a member and no longer see the point of pursuing their cause. In this context, members would be placed in this OFFLINE group.
