Forums » SEPHP Feature Requests

Store private files securely

    • 14 posts
    December 28, 2020 3:38 AM EST

    At the moment I'm using Social Engine 5.2.1 and I've seen that the storage table sotres files and generates links to the public storage folder. As a result, all the stored files are of public access. I would be greaf for plugin developers to have an integrated mechanism in Social Engine that allows files to be stored in other folders other than the public folder, and allow a flexible authorization scheme. For example, files being accessible only to the administrator and the user who uploaded them.

    • Moderator
    • 5720 posts
    December 28, 2020 6:16 AM EST

    So this is a feature request for third party plugins? If it is for SEPHP, please check our stickied post and please provide all of the info we require for feature requests. If it is for third party plugins, I can move it to that section as we do not update the core just for third party products.

    • 14 posts
    December 28, 2020 9:37 AM EST

    Thanks Donna for your answer. Yes, this is for third party plugins. It would make developer's life a lot easier if the engine itsel could provide such a functionality instead of each team/developer trying to roll out somiting of their own. Also, if it's not asking too much, take a look at this one: https://community.socialengine.com/forums/topic/2655/customize-signup-process-by-profile-type . There's someone answering me but unfortunately, his answers are not what I am trying to suggest.

    • Moderator
    • 5720 posts
    December 28, 2020 9:43 AM EST

    We don't do the core for third party products though. We do the core for core improvements. :) There is already a feature request submitted by a client for allowing document uploads. As for file uploads, if you want a feature request to be considered, please provide full details for it based on the stickied post for how to submit a feature request. It is stickied in this section. It MUST be a benefit to the core product though. So, you will need to have info solely based on the core. 

    • 14 posts
    December 30, 2020 8:25 AM EST

    Hello Donna. Thanks a lot for your reply. Regarding the documents upload, I'm almost sure I'm the client responsible for that request. Anyway, if SocialEngine will take care of that, you eventually will hit the problem I'm describing this requirement for. As suggested by one of the SocialEngine support team (not sure if it was you as well) I bought the Document Verifivation KYC ... third party plugin. I needed to be able to upload different documents based on profile type, that I already did by modifying the plugin itself. Now, the problem is that I contacted the support of that plugin because of something very interesting. The documents ended up in the websites' public storage. That's UNACCEPTABLE. Such kind of documents are very sensitive and should be accessible by the administrators of the website and the user who uploaded them. At the moment I contacted the support team (very crappy support by the way) the came up wiith two statements:

    1. "Social Engine doesn't provide another way to store files other than the public storage".

    2. "The URL of the files is a safe URL".

    Due to point one, I'm creating this requirement request. So if not the core, I believe you should provide some sort of basic plugin SDK that allows things like this (flexible access to files based on some criteria -like users and/or roles-). In that way, plugin developers would not need to roll a custom and different solition for each developer/team and we would have a robust/unified approach for this accross all plugins. Actually, this functionality could benefit the core itself for future and more andvanced functionalities. 

    For point 2 however, I'm still wondering how an URL, in plain text, can be safe.

    • Moderator
    • 5720 posts
    December 30, 2020 10:42 AM EST

    There are other storage options such as Amazon. But, I will look to see if we can make some other sort of file with other permissions. There should be a way to store a folder above the root, for example, for better security. Such as WHMCS offers in their settings. Woocommerce also offers that option for file storage such as download files. 

    • Moderator
    • 5720 posts
    December 30, 2020 10:43 AM EST

    I changed the title a little.