I have Razuna 1.8 RC2 setup and I have been playing around with it the last few days. One thing I noticed is that when I preview an asset that is an image I am taken to a URL with a structure like:
While I am required to login to access the tenant, the asset is available to any device that can access the server if the URL is known, no login required. I have tested this from other devices that have never accessed Razuna and if I copy & paste the URL I can access the asset. Since I am new to Razuna I’m assuming I am missing a setting somewhere that will only allow authorized users to access assets even by direct URL. Any help would be appreciated.
Thanks for your reply. I am currently testing out several DAM solutions and by far like the feel of Razuna the best. I hope this is something the developers look into at some point. If I were to deploy this product this would concern me. Technically all assets inside Razuna are available to anyone assuming an Asset ID is known. This could be found in browser history or by scripts created just for this purpose. While the asset ID is long it is also static which gives brute-force a chance. It would be nice if there was at least an option to only allow access to authenticated users or removing the URL variables and only creating them when an asset/collection was shared.