diff --git a/Controller/LogController.php b/Controller/LogController.php
index 67aa6be..cdeacba 100755
--- a/Controller/LogController.php
+++ b/Controller/LogController.php
@@ -24,7 +24,9 @@ public function fileAction($id, $type)
 $cronManager = $this->get('foa.cron_bundle.cron_manager');
 $cron = $cronManager->getById($id);
 $filepath = ($type == 'log') ? $cron->getLogFile() : $cron->getErrorFile();
- $content = file_get_contents($filepath);
+ // TODO: re-activate when secure
+ // $content = file_get_contents($filepath);
+ $content = 'File content not displayable.';
 return $this->render('FOACronBundle:Dashboard:log.html.twig', [
 'filepath' => $filepath,
diff --git a/Manager/Cron.php b/Manager/Cron.php
index f674f5d..0ae66a9 100755
--- a/Manager/Cron.php
+++ b/Manager/Cron.php
@@ -54,6 +54,7 @@ class Cron
 /**
 * @var string
+ * @CronAsserts\LogFile()
 */
 protected $logFile = null;
@@ -66,6 +67,7 @@ class Cron
 /**
 * @var string
+ * @CronAsserts\LogFile()
 */
 protected $errorFile = null;
diff --git a/Validator/Constraints/LogFile.php b/Validator/Constraints/LogFile.php
new file mode 100644
index 0000000..a1a025c
--- /dev/null
+++ b/Validator/Constraints/LogFile.php
@@ -0,0 +1,14 @@
+ + */
+class LogFile extends Constraint
+{
+ public $message = 'Invalid log path "%string%".';
+}
diff --git a/Validator/Constraints/LogFileValidator.php b/Validator/Constraints/LogFileValidator.php
new file mode 100644
index 0000000..7a85f26
--- /dev/null
+++ b/Validator/Constraints/LogFileValidator.php
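Review bot: The loose `$type == 'log'` on the unchanged line just above the removed `file_get_contents` still accepts any value for `$type` — everything other than `'log'` silently falls through to the error file — and `$filepath` is still handed to the template in the context line below, so the server-side path is exposed even though the content read is disabled. A strict check with a 404 for unknown types is cheap here: `if (!in_array($type, ['log', 'error'], true)) { throw $this->createNotFoundException(); }` followed by `$filepath = ($type === 'log') ? $cron->getLogFile() : $cron->getErrorFile();`. When the read is re-activated, it should be gated at read time by the same path-containment check the new LogFile constraint performs, since a Cron record may have been stored before the constraint existed and validation on write would not cover it. fileAction starts before the hunk and its render() call continues past it.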
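Review bot: LogFile does not override validatedBy(), so Symfony resolves its validator by the default name `LogFileValidator` and, unless that class is registered as a service tagged `validator.constraint_validator` whose alias (explicit, or defaulting to the class name depending on the Symfony version) matches what validatedBy() returns, falls back to `new LogFileValidator()` — which fails because the validator added in this commit requires `$appDir` in its constructor. The service wiring is not part of this diff, so if it exists elsewhere this is only a documentation gap; otherwise the constraint throws on first use. I would add `public function validatedBy() { return 'foa_cron.validator.log_file'; }` (constructed alias — use whatever id the service definition declares) and a class docblock stating that the constraint is applied to properties and depends on that tagged service. Whether the `@Annotation` docblock tag is present cannot be seen, as the file header was garbled in this rendering.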
@@ -0,0 +1,37 @@
+ + */
+class LogFileValidator extends ConstraintValidator
+{
+ /** @var string */
+ private $appDir;
+
+ /**
+ * @param string $appDir
+ */
+ public function __construct($appDir)
+ {
+ $this->appDir = $appDir;
+ }
+
+ /**
+ * @param string $value
+ * @param Constraint $constraint
+ */
+ public function validate($value, Constraint $constraint)
+ {
+ $allowedPattern = '#(app/logs?)|(^/tmp)#';
+ if (!preg_match($allowedPattern, $value)) {
+ $this->context->buildViolation($constraint->message)
+ ->setParameter('%string%', $value)
+ ->addViolation();
+ }
+ }
+}
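Review bot: The allowed-path pattern `#(app/logs?)|(^/tmp)#` in validate() is only anchored for the `/tmp` branch, so any string that merely contains `app/log` passes — including one with `..` segments that resolve outside the log directory — and `/tmpfoo` passes the other branch; `$appDir` is injected but never read, so the check is not tied to the real application directory at all. Since this constraint is what the `// TODO: re-activate when secure` comment in LogController is waiting on, I would resolve the path with realpath() and require it to sit under `$this->appDir . '/logs'` or `/tmp`, as sketched below (the singular `app/log` spelling the old pattern accepted is dropped; add it to `$roots` if it is still in use). The validator also does not skip null, while both properties annotated in Manager/Cron.php default to `null`, so an unset log file is reported as `Invalid log path ""` — Symfony validators conventionally return early on null/'' and leave presence to NotBlank. A `false` return from preg_match() on a malformed subject would likewise have been treated as "invalid path" rather than surfaced; the rewrite avoids the regex entirely.
```php
    public function validate($value, Constraint $constraint)
    {
        // Presence is NotBlank's job; this constraint only judges a path that was given.
        if (null === $value || '' === $value) {
            return;
        }

        if ($this->isUnderAllowedRoot((string) $value)) {
            return;
        }

        $this->context->buildViolation($constraint->message)
            ->setParameter('%string%', $value)
            ->addViolation();
    }

    /**
     * True when the directory of $path resolves (symlinks, "." and ".." included)
     * to a location inside one of the permitted log roots.
     *
     * @param string $path
     * @return bool
     */
    private function isUnderAllowedRoot($path)
    {
        // The log file itself may not exist yet, so resolve its parent directory.
        $resolved = realpath(dirname($path));
        if (false === $resolved) {
            return false;
        }
        $resolved = rtrim($resolved, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;

        $roots = [$this->appDir . '/logs', '/tmp'];
        foreach ($roots as $root) {
            $realRoot = realpath($root);
            if (false === $realRoot) {
                continue;
            }
            // Trailing separator prevents "/tmpfoo" from matching the "/tmp" root.
            $realRoot = rtrim($realRoot, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
            if (0 === strpos($resolved, $realRoot)) {
                return true;
            }
        }

        return false;
    }
```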