This issue is NOT with the file uploader javascript client. If any uploaded files are accessible without credentials, this is the fault of the developer who wrote the server-side code and did not take proper security precautions.

[ reply ]