diff --git a/.env b/.env
index 49602303..46f5ef51 100644
--- a/.env
+++ b/.env
@@ -31,6 +31,10 @@ DATABASE_URL=mysql://root:@127.0.0.1:3306/part-db?serverVersion=5.7
 ### Custom vars
+# Allow users to download attachments to the server by providing an URL
+# This could be a potential security issue, as the user can retrieve any file the server has access to (via internet)
+ALLOW_ATTACHMENT_DOWNLOADS=0
+
 FIXER_API_KEY=CHANGEME
 # Change this to true, if no url rewriting (like mod_rewrite for Apache) is available
diff --git a/config/parameters.yaml b/config/parameters.yaml
index a6c85ddf..e4690ec9 100644
--- a/config/parameters.yaml
+++ b/config/parameters.yaml
@@ -29,7 +29,7 @@ parameters:
 ######################################################################################################################
 # Attachments and files
 ######################################################################################################################
- partdb.attachments.allow_downloads: false # Allow users to download attachments to server. Warning: This can be dangerous, because via that feature attackers maybe can access ressources on your intranet!
+ partdb.attachments.allow_downloads: '%env(bool:ALLOW_ATTACHMENT_DOWNLOADS)%' # Allow users to download attachments to server. Warning: This can be dangerous, because via that feature attackers maybe can access ressources on your intranet!
 partdb.attachments.dir.media: 'public/media/' # The folder where uploaded attachment files are saved (must be in public folder)
 partdb.attachments.dir.secure: 'uploads/' # The folder where secured attachment files are saved (must not be in public/)
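Review bot: The comment added above `ALLOW_ATTACHMENT_DOWNLOADS=0` describes the exposure as files reachable "via internet", but a server-side fetch of a user-supplied URL reaches whatever the server itself can reach, which is exactly the intranet exposure the matching warning in config/parameters.yaml already names; the two descriptions should agree so an operator reading only .env understands why the default is 0. I would replace the two comment lines with `# Allow users to have the server download an attachment from a user-supplied URL.` and `# Security: the server then fetches that URL itself, so it can reach hosts on its own network (intranet, loopback), not only the internet; keep at 0 unless that is acceptable.` Also "an URL" should read "a URL".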
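Review bot: The changed `partdb.attachments.allow_downloads` line now depends on an `env(ALLOW_ATTACHMENT_DOWNLOADS)` default parameter to resolve when the variable is absent; that default is added in the later hunk of this file, but nothing on this line says so, and the trailing inline comment is well over 200 characters and contains the typo "ressources". I would move the warning above the key and make it point at the default: `# Allow users to download attachments to the server from a URL. Warning: the server fetches the URL itself, so this can expose resources on your intranet. Fallback value comes from env(ALLOW_ATTACHMENT_DOWNLOADS) below.` followed by `partdb.attachments.allow_downloads: '%env(bool:ALLOW_ATTACHMENT_DOWNLOADS)%'`. The enclosing `parameters:` mapping starts outside this hunk.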
@@ -44,6 +44,10 @@ parameters:
 ######################################################################################################################
 partdb.demo_mode: '%env(bool:DEMO_MODE)%' # If set to true, all potentially dangerous things are disabled (like changing passwords of the own user)
-
+ ######################################################################################################################
+ # Env default values
+ ######################################################################################################################
+ env(DEMO_MODE): 0
+ env(ALLOW_ATTACHMENT_DOWNLOADS): 0
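Review bot: The new `env(DEMO_MODE): 0` line changes behaviour for a parameter this commit does not otherwise touch — `partdb.demo_mode` previously had no fallback, so a deployment that never set DEMO_MODE presumably failed to resolve it, whereas it now quietly runs with demo mode off; that is a reasonable fail-closed default, but the "Env default values" header should say what these entries mean. I would extend the header block with `# Fallbacks used only when the variable is set neither in the process environment nor in .env.` and `# Keep security-relevant switches disabled here so an incomplete deployment fails closed.` The enclosing `parameters:` mapping starts outside this hunk, and trailing context lines appear to have been collapsed in this view.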