I just discovered that even with web interface authentication enabled, you can download any file through the URL.
For example, after the IP of the DM, type /file?file=%2Fusr%2Fkeys%2Fnewcamd.list and you can download the newcamd.list file.
I typed "Dreambox WebControl" into Google and got a list of unprotected Dreambox interfaces. I typed this "file?..." after the URL and I was able to download ANY file!!!
So my question is: Can I protect a directory from being accessed by URL?
I redirected port 80 to my Dreambox and enabled password authentication in the plugin settings, but anyone with my IP can access any file by playing with the URL.
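
Added example, not part of the original post and not the plugin's own code: a Python sketch of the two checks a `/file?file=...` handler needs so that a request like the one above is refused, namely authentication enforced in the download handler itself and confinement of the resolved path to an allowlist of directories. The function name, the `authenticated` flag and the allowed directory are assumptions made for illustration.

```python
import os
from urllib.parse import parse_qs

# Assumption: directories the web interface may serve (hypothetical values).
ALLOWED_ROOTS = ("/media/hdd/movie",)


def resolve_download(query, authenticated, allowed_roots=ALLOWED_ROOTS):
    """Decide how to answer GET /file?<query>.

    Returns (http_status, resolved_path_or_None).
    """
    # 1. Authentication is checked in the download handler itself, so the
    #    endpoint is not reachable just because the main pages are protected.
    if not authenticated:
        return 401, None

    values = parse_qs(query).get("file", [])  # parse_qs URL-decodes once
    if len(values) != 1 or "\x00" in values[0] or not os.path.isabs(values[0]):
        return 400, None

    # 2. Resolve ".." and symlinks, then require the result to sit under an
    #    allowed root. commonpath compares whole path components, so
    #    "/media/hdd/movie_x" does not match the root "/media/hdd/movie".
    real = os.path.realpath(values[0])
    for root in allowed_roots:
        root_real = os.path.realpath(root)
        if os.path.commonpath([real, root_real]) == root_real:
            return 200, real
    return 403, None


if __name__ == "__main__":
    # Constructed sample requests; the first query string is the one from the post.
    samples = [
        ("file=%2Fusr%2Fkeys%2Fnewcamd.list", False),
        ("file=%2Fusr%2Fkeys%2Fnewcamd.list", True),
        ("file=%2Fmedia%2Fhdd%2Fmovie%2F..%2F..%2F..%2Fusr%2Fkeys%2Fnewcamd.list", True),
        ("file=%2Fmedia%2Fhdd%2Fmovie%2Ffilm.ts", True),
    ]
    for query, authed in samples:
        print(resolve_download(query, authed), query)
```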