Files uploaded to the Media Library (including attachments to content types such as Resources) are uploaded to our public CDN, which is accessible to anyone with the direct file URL.

If you need to upload files that are not intended to be publicly accessible, such as files with sensitive student information, you should not upload them to the Media Library. Instead, you can use a private file sharing service and link to the files from your VCC website. In short, share a link to the sensitive file; not the file itself.

Your institution may already have a secure file sharing service that you can use. For instance, Google Workspace includes Google Drive; Microsoft 365 includes OneDrive. Files on these services can be configured to only allow access by specific people, such as students with an email address at (your institution).edu. If you need help finding a secure file hosting platform, please contact your institution's IT department.

The content of those posts and pages is protected, but the files themselves are still publicly accessible if someone figures out their exact URL. If you instead link to an off-site, secure file sharing service, access to the files can be restricted.

For example, this resource is only accessible to logged-in users: https://premiumdemo.demo.uconnectlabs.com/resources/protected-resource/. Any content on the page is protected.

However, the file attached to the resource can be found at https://premiumdemo.demo.uconnectlabs.com/wp-content/uploads/sites/113/2025/01/secret-file.docx and downloaded even if the user is logged out. The file is not easy to find, but it's still not protected.

The CDN uses a predictable URL structure, so even if you use a long or complex filename, it is still possible for a person (or a bot) to guess the URL and access the file. "Security through obscurity" is not a reliable method of protecting files.

Configuration data is not stored in the Media Library and is still safe to upload through settings pages in your dashboard or secure channels such as an S3 bucket.