How to keep user-tracker file uploads private?
Hi Tiki enthusiasts,
I've created a user tracker for a private organisation's wiki and have successfully configured it so that the data entered is private to the user and admins only. However, members will also be uploading some confidential files such as scans of their passports / driving licenses, but I can't figure out how to keep these private using the new file upload plugin.
I can do it with the old style image upload plugin: even though unauthenticated anonymous users can view these files via their URLs, the long random UUID as the URL's filename, combined with the use of mandatory SSL, make snooping / brute-force guessing the filename an intractable task and it can therefore be considered secure.
With the new file gallery upload plugin however, each file uploaded is simply given an index number and a user can view any other user's uploads just by adding or subtracting a few numbers to/from their own file URL.
I've tried setting the gallery to be private / upload-only but then the user can't see their own files and they see a broken image icon when viewing their user tracker page.
Is there some magic combination of settings that can allow this, or shall I stick with the old-style image upload plugin? I don't mind doing that but I get an ugly warning saying that module is deprecated when I use it.
Thanks,
Iddles