Index: /FCKeditor/branches/versions/2.5.x/editor/filemanager/connectors/aspx/config.ascx
===================================================================
--- /FCKeditor/branches/versions/2.5.x/editor/filemanager/connectors/aspx/config.ascx	(revision 1243)
+++ /FCKeditor/branches/versions/2.5.x/editor/filemanager/connectors/aspx/config.ascx	(revision 1244)
@@ -23,18 +23,29 @@
 --%>
 <script runat="server">
+	
+	/**
+	 * This function must check the user session to be sure that he/she is
+	 * authorized to upload and access files in the File Browser.
+	 */
+	private bool CheckAuthentication()
+	{
+		// WARNING : DO NOT simply return "true". By doing so, you are allowing
+		// "anyone" to upload and list the files in your server. You must implement
+		// some kind of session validation here. Even something very simple as...
+		//
+		//		return ( Session[ "IsAuthorized" ] != null && (bool)Session[ "IsAuthorized" ] == true );
+		//
+		// ... where Session[ "IsAuthorized" ] is set to "true" as soon as the
+		// user logs in your system.
 
-	/**
-	 * The "@" char indicates the key to be used to override a setting by using
-	 * the Session, Application or appSettings in the Web.config file.
-	 */
+		return false;
+	}
 
 	public override void SetConfig()
 	{
 		// SECURITY: You must explicitly enable this "connector". (Set it to "true").
-		// @ FCKeditor:Connector:Enabled
-		Enabled = false;
+		Enabled = CheckAuthentication();
 
 		// URL path to user files.
-		// @ FCKeditor:Connector:UserFilesPath
 		UserFilesPath = "/userfiles/";
 
@@ -43,5 +54,4 @@
 		// absolute path. Examples: 'C:\\MySite\\userfiles\\' or '/root/mysite/userfiles/'.
 		// Attention: The above 'UserFilesPath' URL must point to the same directory.
-		// @ FCKeditor:Connector:UserFilesAbsolutePath
 		UserFilesAbsolutePath = "";