Hi Dale, it would definitely be a security risk to expose that whole directory in that manner. However, are you sure it doesn't work, regardless of what's in the URL already? I think it should because 'uploadedfiles' is hard-coded into the URL here: https://github.com/archesproject/arches/blob/master/arches/app/datatypes/datatypes.py#L1106. Frankly, the way this is handled has always confused me a bit, but I do know that it will work without you exposing that directory.
You can always alter the URL with the MEDIA_URL setting. We don't have an authoritative guide on permissions, but it would certainly be helpful to have. Feel free to make a ticket in our documentation repo, github.com/archesproject/arches-docs, and add as much information as you can, to help push it along.

Thanks!
Adam

On Mon, Feb 25, 2019 at 9:49 AM Dale Lloyd <[email protected]> wrote:
> Thanks Adam!
>
> I would have to put something slightly different in the Apache config,
> because 'uploadedfiles' is already in the image URL:
>
> Alias /files/ /opt/Projects/mehs/mehs/
>
> I did a quick test and found that if I put the alias into the Apache
> config, the whole Arches directory would be exposed to the internet. Would
> this present a security risk?
>
> Is there a list somewhere which says which files and directories Apache
> needs read and write access to?
>
> --
> -- To post, send email to [email protected]. To unsubscribe,
> send email to [email protected]. For more
> information, visit https://groups.google.com/d/forum/archesproject?hl=en
> ---
> You received this message because you are subscribed to the Google Groups
> "Arches Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> For more options, visit https://groups.google.com/d/optout.
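
The difference discussed in this thread, shown as an added Apache 2.4 example that is not part of the original messages or of the Arches project's own documentation. It assumes the uploads are stored in an `uploadedfiles` subdirectory of the project path quoted above; that on-disk location is an assumption, so adjust it to the actual layout.

```apache
# Too broad: the alias from the thread maps /files/ onto the whole project
# directory, so settings, source code and logs under it become requestable.
#   Alias /files/ /opt/Projects/mehs/mehs/

# Narrower: map only the uploads subdirectory to the URL prefix that already
# contains 'uploadedfiles'.
# Assumption: uploads are stored in /opt/Projects/mehs/mehs/uploadedfiles/
Alias /files/uploadedfiles/ /opt/Projects/mehs/mehs/uploadedfiles/

<Directory "/opt/Projects/mehs/mehs/uploadedfiles/">
    # Allow reads of uploaded files only inside this directory.
    Require all granted
    # Do not generate directory listings of the uploads.
    Options -Indexes
    # Ignore any .htaccess file that ends up among the uploads.
    AllowOverride None
</Directory>
```

After reloading Apache, requesting a known non-upload file through the `/files/` prefix (for example the project's settings module) should no longer return its contents.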
