Security concern
Simon Georget edited this page Jan 21, 2014 · 9 revisions
Since the Filemanager is able to manipulate files on your server, you need to secure your application.
By default, everyone is able to use the Filemanager. This is deliberate, so that you can define your own rules with your own authentication mechanism.
When deploying the Filemanager in a production environment, adapt the filemanager.php file in the PHP connector so that only the intended users can use it:
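function auth() {
    // Assumes your application has already called session_start() and set these keys at login.
    // !empty() rejects a missing or false 'authenticated' flag; isset() guards 'user_type'.
    return !empty($_SESSION['authenticated'])
        && isset($_SESSION['user_type'])
        && $_SESSION['user_type'] === 'admin';
}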
Please refer to the security section on the configuration page.
We encourage you to use the default uploadPolicy (DISALLOW_ALL) and specify the allowed file extensions.
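How a default-deny extension policy evaluates file names, shown as an added example that is not the Filemanager connector's own code. The function upload_allowed(), the extension lists and the file names are constructed for illustration, and the ALLOW_ALL branch is an assumed counterpart included only for contrast.

```php
<?php
// Added illustration, not the Filemanager connector's code.
// upload_allowed() and its parameters are hypothetical names.

/**
 * Decide whether an uploaded file name passes the extension policy.
 * DISALLOW_ALL: refuse everything except the listed extensions.
 * ALLOW_ALL (assumed counterpart): accept everything except the listed ones.
 */
function upload_allowed(string $name, string $policy, array $extensions): bool
{
    // Refuse names carrying control characters (including NUL) outright.
    if (preg_match('/[\x00-\x1f]/', $name)) {
        return false;
    }
    // Drop any client-supplied directory part, whatever the separator.
    $base = basename(str_replace('\\', '/', $name));
    if ($base === '') {
        return false;
    }
    // Only the final extension counts; compare case-insensitively.
    $ext = strtolower(pathinfo($base, PATHINFO_EXTENSION));
    $listed = in_array($ext, array_map('strtolower', $extensions), true);

    if ($policy === 'DISALLOW_ALL') {
        // Default deny: a missing extension or one not on the list is refused.
        return $ext !== '' && $listed;
    }
    // Default allow: a blocklist, which accepts anything it did not foresee.
    return !$listed;
}

// Constructed sample data.
$allowed = ['jpg', 'png', 'pdf'];
$blocked = ['php', 'exe'];
$names = ['photo.JPG', 'report.pdf', 'shell.php', 'shell.phtml',
          'notes', '.htaccess', 'image.png.php'];

foreach ($names as $n) {
    printf("%-16s deny-by-default=%-5s allow-by-default=%s\n", $n,
        var_export(upload_allowed($n, 'DISALLOW_ALL', $allowed), true),
        var_export(upload_allowed($n, 'ALLOW_ALL', $blocked), true));
}
```

Run it with the PHP CLI to compare the two columns: every name the allowlist did not anticipate is refused under the default-deny policy, while the blocklist accepts whatever it failed to name.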