The ChartPlugin generates files with graphs from tables. Those files are stored in the /pub/-folder. That means, that all these files can be accessed, without any login although for example a public Extranet of a company is completely closed to users with accounts.
I saw the Output-description, but could not decipher, if this problem could be solved by a different parameter.
Is this an error in the plugin or the configuration?
This issue is a general issue: all files under pub/ can be viewed without going through access checks. If this is an issue, you need to set up secure attachments: AccessControl -- KoenMartens - 30 Oct 2008 Thanks a lot. -- MartinSeibert - 30 Oct 2008 Shouldn't that be secured by default with new installations? -- MartinSeibert - 30 Oct 2008 The problem with this default is that
This issue is a general issue: all files under pub/ can be viewed without going through access checks. If this is an issue, you need to set up secure attachments: AccessControl -- KoenMartens - 30 Oct 2008 Thanks a lot. -- MartinSeibert - 30 Oct 2008 Shouldn't that be secured by default with new installations? -- MartinSeibert - 30 Oct 2008 The problem with this default is that
viewfile is a heavy script and it adds a huge load on the server. Since this issue is documented, I marked this as No action required
-- GilmarSantosJr - 04 Apr 2009
The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. see CopyrightStatement. 
