Question from one of our clients: I've been looking at your briefcase product.
Have a potential client who just needs an online storage system for
confidential files that users have access to. I know this can be done
with Docman, but Docman also has some limitations I don't like.
How would your solution be made secure?
Answer:
There are some basic security measures that we recommend:
1. Keep the storage folder outside the http folder. This means that
Apache cannot publish those files under any circumstances, but PHP
can still access them and serve them.
2. If you are using a storage folder under the public http folder,
then use a .htaccess file to protect the files. We have a sample on our
site.
3. Run Apache as a different user than the FTP user, so the files are
not accessible through FTP.
Also check the Joomla administrator security checklist. This helps you
secure your site:
help.joomla.org/component/option,com_eas...226/Itemid,99999999/
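
Measure 1 in practice, as an added example (not the briefcase product's own code): a PHP download script that serves files from a folder outside the web root after a login check and a path-containment check. The storage path, the `file` request parameter and `user_may_download()` are assumptions made for illustration.

```php
<?php
// Added example: names below are assumptions, not the product's code.
const STORAGE_DIR = '/var/briefcase-storage'; // assumed path outside the document root

// Hypothetical access check: replace with the site's real session/ACL lookup.
function user_may_download(string $requested): bool
{
    return isset($_SESSION['user_id']);
}

// Resolve a requested name to a real file inside $baseDir, or return null.
function resolve_stored_file(string $requested, string $baseDir = STORAGE_DIR): ?string
{
    if ($requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $requested);
    if ($base === false || $path === false || !is_file($path)) {
        return null; // storage folder or file does not exist
    }
    // Reject anything that resolves outside the storage folder ("../", symlinks).
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

session_start();
$requested = is_string($_GET['file'] ?? null) ? $_GET['file'] : '';

if (!user_may_download($requested)) {
    http_response_code(403);
    exit;
}
$path = resolve_stored_file($requested);
if ($path === null) {
    http_response_code(404);
    exit;
}

header('Content-Type: application/octet-stream');
header('X-Content-Type-Options: nosniff');
header("Content-Disposition: attachment; filename*=UTF-8''" . rawurlencode(basename($path)));
header('Content-Length: ' . filesize($path));
readfile($path);
```

The permission check runs before the file lookup, so a visitor who is not logged in gets the same 403 whether or not the requested name exists.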