Hello everyone,
Today I noticed something regarding image paths on Joomla 3. Let's say, as an example, you have an article with the access level of "Registered" or something of that nature. If the article has an image included within it, which has the file name /images/2024/image.jpeg, this image is still accessible if you enter the full path and do not have the appropriate access levels (https://website.com/images/2024/image.jpeg).
I understand this may potentially go beyond the scope of Joomla Security, however, it worries me that by chance someone can simply brute-force-guess the path of the image and view it.
I've tested this with article images protected by permission levels, and entering the path into a fresh incognito window.
Does anyone have any ideas or solutions to this, or would the best option be something more simple, such as creating a harder-to-guess image path?
Any thoughts appreciated!
Thanks, Ralph.
Statistics: Posted by ralphlorem — Thu May 23, 2024 6:10 pm