what are the best options available for a module that will allow anonymous users to upload files?
i don't think it's possible with form n list, maybe a repository module would suffice if permission was taken away for users to download? - and they just had upload facility?
Posted By Tycho de Waard (SU) on 31 Jul 2020 07:49 AM I think you can use the DAM (digital asset manager) that is shipped by default. It has a permissions tab which enables you to grat permissions to certain roles.
If you have to grant permissions - then roles i'm not sure this will work for us because we want the public to upload files (like application forms) without logging in.
We don't want users logging in to upload. Our site got hacked a few weeks ago (on version 7.4.2 DNN) and we no longer want end users to be able to login to our CMS (for security reasons). We think hackers might have found a way in via registereing as a user, so that's why we don't want users to register for anything on our site.
we are now on DNN 9.6.1
Action Form with the File Management Add-In works well. It's a form generator, not a file uploader, but it has the ability to upload files. You would create the small form that uploads files yourself. After that, you can continue to use the form generator for many other tasks.
Posted By sypa on 31 Jul 2020 08:19 AM Posted By Tycho de Waard (SU) on 31 Jul 2020 07:49 AM I think you can use the DAM (digital asset manager) that is shipped by default. It has a permissions tab which enables you to grat permissions to certain roles. If you have to grant permissions - then roles i'm not sure this will work for us because we want the public to upload files (like application forms) without logging in. We don't want users logging in to upload. Our site got hacked a few weeks ago (on version 7.4.2 DNN) and we no longer want end users to be able to login to our CMS (for security reasons). We think hackers might have found a way in via registereing as a user, so that's why we don't want users to register for anything on our site. we are now on DNN 9.6.1
If you grant persmission to the role 'unauthenticated users', people won't have to login.
Having said that, I can not oversee the possible security issues. In the security settings, you can limit the extensions that are allowed. The option Mark mentioned, might be a safer one as ActionForm has another option to limit the extensions which applies to just tha 1 form instead of the entire websites.
Now, for the security: upgrade. You really need to upgrade. If you are on 7, there are no quick fixes. It is not just a few mitigations in the webconfig and you'll be ok for another year. It can be a tough one but take a week for the following:
These Forums are dedicated to the discussion of DNN Platform.
For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:
Awesome! Simply post in the forums using the link below and we'll get you started.