Is there any way to have files or a directory of files inside the assets directory that can only be downloaded after the user has logged in? I have seen one or two people asking this question, but no solutions so far.
A default Silverstripe install allows direct download of the files via the .htaccess configuration. My web host allows secure folders to be created, but how would the users and groups of the server be matched to Silverstripe's users/groups so that logging in gives access to those files? Having to log in via basic HTTP authentication would look ugly.
Please note adding the download to a password protected page does *not*make the download secure. If someone would forward the URL of the download - or say a search engine indexes it anyone can download the file.