I think you can use the DAM (digital asset manager) that is shipped by default. It has a permissions tab which enables you to grat permissions to certain roles.
Having said that: the file manager is getting rebuilt. DNN 9.7 will have the most part of the new DAM on board. It is already available as RC so that would be a great start to test if it servers your purpose. The current DAM will be deprecated in the next major release, I believe.

Posted By Tycho de Waard (SU) on 31 Jul 2020 07:49 AM
I think you can use the DAM (digital asset manager) that is shipped by default. It has a permissions tab which enables you to grat permissions to certain roles.

If you have to grant permissions - then roles i'm not sure this will work for us because we want the public to upload files (like application forms) without logging in.

We don't want users logging in to upload. Our site got hacked a few weeks ago (on version 7.4.2 DNN) and we no longer want end users to be able to login to our CMS (for security reasons). We think hackers might have found a way in via registereing as a user, so that's why we don't want users to register for anything on our site.

we are now on DNN 9.6.1

 

 

 

 

 

Action Form with the File Management Add-In works well. It's a form generator, not a file uploader, but it has the ability to upload files. You would create the small form that uploads files yourself. After that, you can continue to use the form generator for many other tasks.

Posted By sypa on 31 Jul 2020 08:19 AM

Posted By Tycho de Waard (SU) on 31 Jul 2020 07:49 AM
I think you can use the DAM (digital asset manager) that is shipped by default. It has a permissions tab which enables you to grat permissions to certain roles.

If you have to grant permissions - then roles i'm not sure this will work for us because we want the public to upload files (like application forms) without logging in.

We don't want users logging in to upload. Our site got hacked a few weeks ago (on version 7.4.2 DNN) and we no longer want end users to be able to login to our CMS (for security reasons). We think hackers might have found a way in via registereing as a user, so that's why we don't want users to register for anything on our site.

we are now on DNN 9.6.1

 

 

 

 

 

If you grant persmission to the role 'unauthenticated users', people won't have to login.

Having said that, I can not oversee the possible security issues. In the security settings, you can limit the extensions that are allowed.
The option Mark mentioned, might be a safer one as ActionForm has another option to limit the extensions which applies to just tha 1 form instead of the entire websites.

Now, for the security: upgrade. You really need to upgrade. If you are on 7, there are no quick fixes. It is not just a few mitigations in the webconfig and you'll be ok for another year. It can be a tough one but take a week for the following:

1. create a clone
2. remove unused third party modules
3. upgrade modules and themes to the latest (check recommendations of the respective vendors)
4. if a latest version is more than 2 years old, check if it is compatible with 9.3.2 (in that case, it will probably work in 9.6.2 as well)
5. create a back up if this situation
6. upgrade to 804
7. Test 
8. Fix stuff if needed
9. If you have DNN Sharp modules, install NewtonPatch
10. Upgrade to 9.3.2
11. Test (9.2 deprecated a lot )
12. Upgrade to 9.6.2
13. Test