Hi Dale, it would definitely be a security risk to expose that whole
directory in that manner. However, are you sure it doesn't work, regardless
of what's in the URL already? I think it should because 'uploadedfiles' is
hard-coded into the URL here:
https://github.com/archesproject/arches/blob/master/arches/app/datatypes/datatypes.py#L1106.
Frankly, the way this is handled has always confused me a bit, but I do
know that it will work without you exposing that directory.

You can always alter the URL with the MEDIA_URL setting.

We don't have an authoritative guide on permissions, but it would certainly
be helpful to have. Feel free to make a ticket in our documentation repo,
github.com/archesproject/arches-docs, and add as much information as you
can, to help push it along.

Thanks!
Adam


On Mon, Feb 25, 2019 at 9:49 AM Dale Lloyd <dale.ll...@oxcis.ac.uk> wrote:

> Thanks Adam!
>
> I would have to put something slightly different in the Apache config,
> because 'uploadedfiles' is already in the image URL:
>
> Alias /files/ /opt/Projects/mehs/mehs/
>
> I did a quick test and found that if I put the alias into the Apache
> config, the whole Arches directory would be exposed to the internet. Would
> this present a security risk?
>
> Is there a list somewhere which says which files and directories Apache
> needs read and write access to?
>
> --
> -- To post, send email to archesproject@googlegroups.com. To unsubscribe,
> send email to archesproject+unsubscr...@googlegroups.com. For more
> information, visit https://groups.google.com/d/forum/archesproject?hl=en
> ---
> You received this message because you are subscribed to the Google Groups
> "Arches Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to archesproject+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
>
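
A check for the exposure discussed in this thread, added here as an example; it is not code from either poster or from the Arches project. It flags Apache Alias directives whose filesystem target reaches beyond the uploaded-files directory. The location of that directory under the project root, the sample config and all function names are assumptions.

```python
import posixpath
import re

# Alias <url-path> <filesystem-path>, optionally quoted. Paths containing
# spaces are not handled; commented-out directives are skipped.
ALIAS_RE = re.compile(r'^\s*Alias\s+"?([^"\s]+)"?\s+"?([^"\s]+)"?\s*$', re.I)

PROJECT_ROOT = "/opt/Projects/mehs/mehs"             # Alias target quoted in the thread
MEDIA_ROOT = "/opt/Projects/mehs/mehs/uploadedfiles"  # assumed location of uploads

# Constructed sample config, not taken from a real server.
SAMPLE_CONF = """\
# constructed sample
Alias /files/ /opt/Projects/mehs/mehs/
Alias /files/uploadedfiles/ /opt/Projects/mehs/mehs/uploadedfiles/
Alias /files/ "/opt/Projects/mehs/mehs/uploadedfiles/../"
Alias /icons/ /usr/share/apache2/icons/
"""

def is_within(child, parent):
    """True if child equals parent or lies beneath it, after collapsing '..'.
    Lexical only: symlinks are not resolved."""
    child, parent = posixpath.normpath(child), posixpath.normpath(parent)
    return child == parent or child.startswith(parent.rstrip("/") + "/")

def audit_aliases(conf_text, project_root, media_root):
    """Return (line_no, url_path, fs_target, verdict) per Alias directive.

    'ok'              target stays inside media_root
    'exposes-project' target is the project root, an ancestor of it, or a
                      project subdirectory other than media_root
    'outside-project' target is unrelated to the project tree
    """
    findings = []
    for line_no, line in enumerate(conf_text.splitlines(), 1):
        match = ALIAS_RE.match(line)
        if not match:
            continue
        url_path, target = match.groups()
        if is_within(target, media_root):
            verdict = "ok"
        elif is_within(project_root, target) or is_within(target, project_root):
            verdict = "exposes-project"
        else:
            verdict = "outside-project"
        findings.append((line_no, url_path, target, verdict))
    return findings

if __name__ == "__main__":
    for finding in audit_aliases(SAMPLE_CONF, PROJECT_ROOT, MEDIA_ROOT):
        print(finding)
```
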
