pavel edited this page May 7, 2016 · 12 revisions

Since the Filemanager is able to manipulate files on your server, it is necessary to secure your application properly.

Grant privileges to wanted users only.

By default, everyone is able to use the Filemanager. This is so that you can define your own rules with your own authentication mechanism.

After deploying the Filemanager in a production environment, you should declare the auth() function in the /connectors/php/filemanager.php file with your own implementation, to be sure that only the users you intend can use it.

Here is an example of a filemanager.php file where session variables are used for authentication:

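<?php
require_once('BaseHelper.php');

// Return true only for users who are allowed to use the Filemanager.
function auth() {
    // Start the session only if the application has not already done so.
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    // The flag must be set and truthy, and the role must be exactly 'admin'
    // (strict comparison avoids PHP's loose type juggling with ==).
    return !empty($_SESSION['authenticated'])
        && isset($_SESSION['user_type'])
        && $_SESSION['user_type'] === 'admin';
}

$fm = BaseHelper::getInstance();
$fm->handleRequest();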

Configuration - security options

Please refer to the security section on the configuration page.

We encourage you to use the default uploadPolicy (DISALLOW_ALL) and specify the allowed file extensions.
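
Why a DISALLOW_ALL policy with an explicit list of allowed extensions is the safer default, shown as an added example (not the Filemanager's own code): the same constructed file names are checked against an allow list and against a deny list. The function names, both extension lists and the sample names are hypothetical.

```php
<?php
// Added illustration, not the Filemanager's own code. Function names and the
// extension lists are hypothetical; the file names are constructed samples.

/** Return the lower-cased final extension, or '' if the name has none. */
function finalExtension(string $name): string
{
    // Drop any path component and trailing dots/spaces (Windows ignores them).
    $base = rtrim(basename(str_replace('\\', '/', $name)), ". ");
    $dot = strrpos($base, '.');
    // No dot, or a leading dot only (".htaccess"), means no usable extension.
    if ($dot === false || $dot === 0) {
        return '';
    }
    return strtolower(substr($base, $dot + 1));
}

/** DISALLOW_ALL semantics: reject everything except listed extensions. */
function allowedByAllowList(string $name, array $allowed): bool
{
    if (strpos($name, "\0") !== false) {
        return false; // null byte in the name: never accept
    }
    return in_array(finalExtension($name), $allowed, true);
}

/** Opposite policy, for comparison: accept everything except listed extensions. */
function allowedByDenyList(string $name, array $denied): bool
{
    return !in_array(finalExtension($name), $denied, true);
}

$allow = ['jpg', 'png', 'pdf'];   // assumed allowed extensions
$deny  = ['php', 'exe'];          // assumed deny list, for comparison only
$samples = ['photo.JPG', 'report.pdf', 'page.phtml', 'script.php.', '.htaccess', 'noext'];

foreach ($samples as $name) {
    printf(
        "%-12s allow-list: %-6s deny-list: %s\n",
        $name,
        allowedByAllowList($name, $allow) ? 'accept' : 'reject',
        allowedByDenyList($name, $deny) ? 'accept' : 'reject'
    );
}
```

The allow list rejects every name whose final extension is not listed, including names with no extension, while the deny list accepts anything its author did not anticipate.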

Server scripts execution disabled

By default, execution of all server scripts is disabled in the default userfiles folder. See the content of the .htaccess and IIS files.