diff --git a/app/controllers/attachments_controller.rb b/app/controllers/attachments_controller.rb
index 2a772a949..4ecff7a40 100644
--- a/app/controllers/attachments_controller.rb
+++ b/app/controllers/attachments_controller.rb
@@ -23,6 +23,7 @@ class AttachmentsController < ApplicationController
   before_filter :delete_authorize, :only => [:destroy]
   before_filter :authorize_global, :only => [:upload]
   before_filter :authorize_attachment_download1, :only => [:download]
+  before_filter :has_login
   #before_filter :login_without_softapplication, only: [:download]
   accept_api_auth :show, :download, :upload
   require 'iconv'
@@ -511,4 +512,8 @@ private
       format.js
     end
   end
+
+  def has_login
+    render_403 unless User.current.logged?
+  end
 end