#185 User passworded files

2.0.0
closed-fixed
Brandon Nimon
Security (9)
4
2008-11-11
2006-05-18
Brandon Nimon
No

This would be secure for everything except downloading
(since anyone with a little sense could figure out how
to download each file, as long as loc1 isn't altered).
Make it so only admins and the user with the password
can edit, delete, etc that user's file. File and
directory ownership is tracked, so only the owner of
the file or an admin can add a password.

Discussion

  • Brandon Nimon
    Brandon Nimon
    2008-11-07

    • milestone: --> 2.0.0
    • assigned_to: nobody --> bnimon
    • priority: 5 --> 4
    • labels: --> Security
    • status: open --> open-accepted
     
  • Brandon Nimon
    Brandon Nimon
    2008-11-07

    An alternate solution: artifact 2230567
    Allows a user who owns a file/dir to allow other users to
    delete/edit/write/read/see it. No password, maybe that can be a bypass to
    the system if the owner so desires.

     
  • Brandon Nimon
    Brandon Nimon
    2008-11-11

    This is now complete.
    The owner can set universal permissions (del, edit, write, read, see). Then, at their choosing, they can set a bypass password to allow user which have such a password to still have full access (limited only by their user permissions). This allows users to hide files or protect them from other users.
    Only admins supersede this. They can still view and change all aspects of the file (permissions and even the password).

     
  • Brandon Nimon
    Brandon Nimon
    2008-11-11

    • status: open-accepted --> closed-fixed