I have a SS site which has members only pages. Everything worked fine until I put some pdf links (eg www.mysite/assets/Uploads/members/books/myfirstbook.pdf) on one of the members' pages (www.mysite.com/members/), then google search can actually pick those pdf files up and everyone can view those pdf files without being a member through google.
How can I block non members to view those pdf files? I tried robot.txt and "secure files" module, but it hasn't worked so far.
What is the best way to hide those pdf files in the asset folder from google search?
You could sign up for google web master tools to remove pages you dont want included. But that won't stop yahoo, bing, or any old blog linking to your files.
For full security you need to keep your downloadable goods outside of the public web folder (www or public_html) away from the SS installation.
This is getting complicated but in the CMS field you can specify the upload directory. Then for the download you should make a new Controller which will act as a proxy between the user and the file. This Controller will check permissions, download count, or any other parameters.
Basically if you don't do this anyone downloading the file can then get hold of the link and share it round the web, exposing it for everyone else.