Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

All other Modules

Discuss all other Modules here.

Moderators: martimiz, Sean, biapar, Willr, Ingo, swaiba, simon_w

SecureFiles 0.21 Released - Testers + Translations please!


Reply

44 Posts   5877 Views

Avatar
UncleCheese

10 March 2010 at 8:10am 4085 Posts

One more thing.. will this hide my secured files from site search?

Avatar
Hamish

10 March 2010 at 8:33am (Last edited: 10 March 2010 8:38am), Community Member, 712 Posts

@Juanitou Thanks! That's a big help toward making this a polished module.

@UncleCheese It should do. As long as you can't see the file when you're not logged in, Google shouldn't be able to index it. As an additional precaution, make sure directory indexing is turned off (eg: Options -Indexes in your httpd.conf). I might add this to the htaccess rules, but it relies on the AllowOverrides directive to be on in httpd.conf so it isn't really a good idea for me to include it. Might add that to the installation docs.

Just a note - the way that we're serving files is memory intensive. Should be fine for things like Resumes and images though.

In trunk, I've sped up the 'normal' method and I'm experimenting with the mod_xsendfile apache module that uses sendfile headers to pass the request back to apache (or lighttpd which natively supports these headers). This should allow SecureFiles to provide access to any file that could normally be served - e.g streaming video, very large files etc, without impacting on your website performance.

Avatar
UncleCheese

10 March 2010 at 9:00am 4085 Posts

Thanks, Hamish. I guess I'm not so much concerned with Google search as I am with the Silvertripe native search, since it uses the database, not a spider. Can you comment on that?

Avatar
Hamish

10 March 2010 at 9:11am Community Member, 712 Posts

According to SearchForm.php, results should be filtered by permission:

// filter by permission
if($results) foreach($results as $result) {
   if(!$result->canView()) $results->remove($result);
}

This is the same permission check performed by SecureFileController so yes, secured files shouldn't appear in search unless you have permission to view them.

That said, I haven't tested this - so make sure for yourself first :)

Avatar
UncleCheese

10 March 2010 at 9:35am 4085 Posts

Love it! Thanks.

Avatar
weberho

10 March 2010 at 10:11pm Community Member, 15 Posts

Nicely done. Attached you'll find the German translation.

Thank you a lot!

Avatar
Hamish

11 March 2010 at 6:24am Community Member, 712 Posts

Thanks!

Avatar
weberho

11 March 2010 at 10:51pm Community Member, 15 Posts

I have just recognized, that I have sent you the german translation encoded in UTF-8, while FR and ES translations are encoded in ISO-8859-1. I think, those should be converted to UTF-8, too.