Security Issue

[mlapl1]

For some reason the system did not accept my original submission - (critical error in WP). And it now insists that this is a duplicate message but does not display it. I am adding this text at the beginning of the message to (perhaps) enable it to accept my message. Hello again I thought I might raise an issue that bothers me with many WP sites: security. I noticed that any attachment at the end of a unit is actually not secure. If someone copies or guesses the URL for one of my PDF files, they can download it even if they are not logged in. I have not yet checked if the same thing happens with SCORM files (will do so soon) but this is a real issue for me. Clearly, I would not want my intellectual capital to be accessed easily. I am aware of course that anything that is on the web is ultimately vulnerable to attack, but why make life easy for theft? One of the answers would be to place downloadable files above the root of the server and to retrieve them through PHP. Another addition would be to encrypt them in some way. That is the solution adopted by moodle and other large systems. I am also aware that this will add an overhead to the operation, but there may be other, better, solutions. I would appreciate your opinion. Andrew

[Anshuman Sahu]

Well to protect that you can use wplms s3 addon which allows you to set attachments from s3. It works in this way It limits the time to load that resource on user’s machine . It loads the resource from s3 for the given duration after it stops loading the resource .So anybody who wants to download the video from the same link in the dom will not be able to do so after a certain duration .

[Author]

Posts