BookStack allows users to upload both images for content and files as attachments.

For information relating to security for file uploads please refer to the Security Page.

Within BookStack there are a few different options for storing files:

- Files are stored on the server running BookStack.
  - Images are publicly accessible, served by your web-server.
  - Attachments are secured behind BookStack's permission control.
- Same as local option but images are served by BookStack, with authentication (login required) on image requests.
  - Is only useful while the BookStack "Public Access" setting is disabled.
  - More system resource intensive than the default "local" option thus could induce performance issues.
- Same as local option but image access is controlled by user access permission to the item an image is uploaded to.
  - Is the most system resource intensive and could induce performance issues.
  - Has logical side-effects that can hinder ease-of-use.
- Store files externally on Amazon S3 (or S3 compatible system).
  - Images are made publicly accessible on upload.
  - Attachments are secured behind BookStack's permission control, as long as files are not exposed via other means.

For all options you can use the 'Enable higher security image uploads' in-app admin setting, which appends a random string to each uploaded image name to make URLs hard to guess.

This is the default storage mechanism in BookStack that stores uploads on the local filesystem. It can be forced through a setting in your .env file.

After setting this option ensure you test system performance creating a page with many images and reload on that page multiple times to ensure your server can keep up with the

- Image uploads location: /storage/uploads/images.
- Attachment uploads location: /storage/uploads/files.

Refer to the Migrating to "Secure" Images for details about switching to this with existing file uploads.

This option stores uploads on the local filesystem but controls access to image files based upon the user having permission to view the content that the image has been uploaded to.

Note: This option is relatively new to BookStack and currently considered somewhat experimental.

Due to the rather restrictive & granular permission control enforced by this option, various logical scenarios can be encountered. For example, if a page with images uploaded to it is copied to a new page with different visibility permissions, you could have users that are able to see that page but the images within may not load, since their visibility will remain controlled by the original source page. Another example is that deleting a page, where images were uploaded to, will prevent any user access to the related images.

This option can be enabled through a setting in your .env file.

The image and attachment storage systems can also be set individually:

```
# Image storage system to use
# Defaults to the value of STORAGE_TYPE if unset.
# Accepts the same values as STORAGE_TYPE.
STORAGE_IMAGE_TYPE=local

# Attachment storage system to use
# Defaults to the value of STORAGE_TYPE if unset.
# Accepts the same values as STORAGE_TYPE although 'local' will be forced to 'local_secure'.
STORAGE_ATTACHMENT_TYPE=local_secure
```

Back-up your BookStack instance before attempting any migration.

If you are migrating to the STORAGE_TYPE=local_secure or STORAGE_TYPE=local_secure_restricted options, with existing images, you will need to move all content from your previous image storage location (see above) to the storage/uploads/images folder within your BookStack instance.

Do not simply copy and leave content in the public/uploads/images folder, as those images will still be publicly accessible. After doing this migration you may have to clean up and re-upload any 'App Icon' images, found in settings, since these need to remain publicly accessible.

By default, a lot of server software has strict limits on upload sizes, which causes errors when users upload new content. BookStack enforces its own limit but there may also be limits configured as part of PHP and your web server software. If you run into problems with upload size limits follow the below details for BookStack, PHP and whichever web server you use.

The upload limit in BookStack is configured through an option in your .env file. Find or add the option, then configure it to your requirements.

When enabled, the file_uploads option allows PHP users to upload arbitrary files to the server. Permitting users to upload files does not represent a security vulnerability itself.
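One way to check the migration warning about public/uploads/images on a server, as an added example that is not part of the BookStack documentation: it reads the effective image storage type from .env (STORAGE_IMAGE_TYPE, falling back to STORAGE_TYPE, then local) and lists image files still left in the publicly served folder. The function names, the simple .env parsing and the sample install are assumptions made for this example.

```bash
#!/bin/sh
# Added example: audit a BookStack install after switching image storage.
# Assumed layout: <root>/.env and <root>/public/uploads/images.

# Print the value assigned to KEY ($2) in env file ($1), empty if unset.
# Assumes the key is set at most once; commented-out lines are ignored.
env_value() {
  sed -n -E "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" 2>/dev/null \
    | head -n 1 | sed -E 's/[[:space:]]+#.*$//; s/[[:space:]]+$//' | tr -d "\"'"
}

# STORAGE_IMAGE_TYPE falls back to STORAGE_TYPE, which defaults to local.
image_storage_type() {
  _v=$(env_value "$1" STORAGE_IMAGE_TYPE)
  [ -n "$_v" ] || _v=$(env_value "$1" STORAGE_TYPE)
  echo "${_v:-local}"
}

# Return 1 when a local secure image type is configured but files remain in
# the web-served folder, otherwise 0. The page notes that App Icon images
# must remain public, so review the list rather than deleting it wholesale.
check_image_migration() {
  _type=$(image_storage_type "$1/.env")
  case "$_type" in
    local_secure|local_secure_restricted) ;;
    *) echo "image storage is '$_type': nothing to check"; return 0 ;;
  esac
  # Dotfiles such as .gitignore are not uploads, so they are skipped.
  _left=$(find "$1/public/uploads/images" -type f ! -name '.*' 2>/dev/null)
  if [ -n "$_left" ]; then
    echo "still served publicly:"; echo "$_left"
    return 1
  fi
  echo "ok: '$_type' set, public/uploads/images holds no files"
}

# Constructed sample install: the images were copied instead of moved.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/public/uploads/images/gallery" \
         "$demo_root/storage/uploads/images/gallery"
printf '%s\n' '# STORAGE_TYPE=local' 'STORAGE_TYPE=local_secure' > "$demo_root/.env"
touch "$demo_root/public/uploads/images/gallery/diagram.png" \
      "$demo_root/storage/uploads/images/gallery/diagram.png"
check_image_migration "$demo_root" || echo "migration incomplete"
```

On a real server, call check_image_migration with the BookStack install directory in place of the constructed sample.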