Trust a major strategy in Security

Was looking out some good English Speaking training course website for my cousin to become a fluent English speaker.

On opening the homepage I found the section "Free trial".

DailyStep free trial



I did the same thing as all guys do.Click on the Free trial link,created my account.I personally feeling happy to get the 5 free audio English lessons.

I clicked on one of my lessons link and come to the page, found the download link of the audio file.

 

DailyStep download link

 

Copied and pasted the url in the browser and the downloaded the file.

https://www.dailystep.com/en/download/file/fid/13531

Just change the fid in the url and tried to download some random file with file id.

I thought what the Shit!  

I then look around which drupal module has provided this route.After checking I got to know that this is the download file module which provides this route.After checking I assume that it might be permission stuff problem.

I found the similar permission problem on the drupal.org as well https://www.drupal.org/node/2394993

Trust is the Major Strategy in Security of any web application.We should be sure which user role we should assign which permissions.

Note: Published the post after suggesting the fix to the site owner Jane