Developer forum

Forum » CMS - Standard features » Can access files in SecureFolder when not correct permissions

Can access files in SecureFolder when not correct permissions

Brian Bolks


It seems theres a bug in the secure folder feature.

I used the following url to test


if i call it it gives me a message: You do not have permission to view this directory or page.

thats correct. But if change the casing in the url somewhere in the RED part: /Admin/Public/DWSDownload.aspx?File=/Files/Files/SecureFiles/pdf/test.pdf  i can download the files just fine. So i suspect somewhere somebody forgot to check for case insensitive.

Might be HIGH prio bug if used with files that should only be accessible for certain people


Nicolai Pedersen Dynamicweb Employee
Nicolai Pedersen

Hi Brian

We will test it. Are you using the new permissions or old ones, And what version?

Thank you for clarifying, Nicolai

Oleg Rodionov Dynamicweb Employee
Oleg Rodionov


Wow, good catch! I was able to reproduce the issue with new permission model only on last DW9.10.15 as well. I've created new BUG 5183 against the issue, it's planned to fix in upcoming release. Thanks for finding!

BR, Oleg QA

Kristian Kirkholt Dynamicweb Employee
Kristian Kirkholt
This post has been marked as an answer

Hi Brian

The bugfix #5183 URL to Secure Folder is case sensitive 

Has been fixed in Dynamicweb version 9.10.17 
You can get this version from the download section

Please contact if there any questions regarding this

Kind Regards
Dynamicweb Support
Kristian Kirkholt

Votes for this answer: 1


You must be logged in to post in the forum