Open funkyapple opened 9 months ago
You can create an offline version for your own intranet use. No need to worry about data leakage
In my case I placed the storage outside the server document root and added a somewhat nice 404-error handler
// Root path for file manager
// use absolute path of directory i.e: '/var/www/folder' or $_SERVER['DOCUMENT_ROOT'].'/folder'
// $root_path = $_SERVER['DOCUMENT_ROOT'];
$root_path = dirname(__DIR__) . '/storage'; // PM (22.06.2024)
Hi,
So just a couple thoughts. I was wondering if tinyfilemanager supports disabling the direct link feature entirely? I don't rlly understand how the program works so not sure how feasible that would be.
My main concern would be that some of my config files contain sensitive information. It appears the direct links can be accessed without user authentication which would be a problem if any configs contained unencrypted passwords (yes I know, bad practice but in dev server sometimes easier). I really love however the rich text editor of tinyfilemanager so it would be neat if this was possible. It really is a god send when it comes to editing yaml files (which is what I often do all day).
One idea I had would be to secure tinyfilemanager behind something like Authelia just would take some time to config.