Last modified: 2011-04-30 01:16:48 UTC
I have mediawiki setup with SecurID authentication. Everything appeared to work fine until the other day when someone sent the file location on the server instead of the URL of the page the file could be downloaded from. No authentication was needed and the file could be downloaded. To try to make it clearer. Normally to download a file from the wiki I would send the following - a link to the page the file was on: https://myserver.com/info/Prototype_Monthly_Vuln And say to download the appropriate file from the page. No problem. Authetication was needed. If instead I send a link to the file: https://myserver.com/myserver/images/5/5a/filetodownload.fs.2009-01-22.csv A person just has to click on the link and the file will download, no authentication needed. Any help you can give would be greatly appreciated.
There's already an help page for that: http://www.mediawiki.org/wiki/Manual:Image_Authorization