The users of the website can apply online. They send various files with their application. CV, passport photo, etc.
The form saves the files in the library. The data is easily accessible here for everyone via easy-to-guess paths.
Is there a way to store this data more securely?
The plugin looks fine, but it seems that the files need to be manually protected in the library after they have been uploaded.
The installation instruction says:
...
... Activate the plugin.
... Protect your files under the Media Library.
The files can be protected afterwards, which is not a bad thing, but not directly when uploading. Or am I missing something?
it is guests who use the form. They upload files (e.g. their CV or copies of certificates).
These files end up in the upload directory. There they are unprotected. Anyone who can guess the path can view the files.
The plugin you recommended can protect these files. To do this, I have to go to the media library after the files have been uploaded, select the files to be protected and click on "protect".
It cannot be configured that all files uploaded by the plugin are automatically protected.
Or am I missing something here?
I have now found another solution. The "File Renaming on Upload" plugin (hidden link) renames the files during the upload. In my case, it adds the date, time, and microseconds of the upload. This creates filenames and paths that are difficult to guess.
It would be even more ideal if a random sequence of characters were appended. Wouldn't that be an easy to implement feature in the Toolset Forms plugin? In order to make the updates much more secure from unauthorized access and thus certainly more compatible with GDPR guidelines?
Thank you for your help and have a good day!
Lothar
