Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

General Questions /

General questions about getting started with SilverStripe that don't fit in any of the categories above.

Moderators: martimiz, Sean, biapar, Willr, Ingo, swaiba, simon_w

[solved]Privacy of Login Areas


Reply


2 Posts   898 Views

Avatar
slamby

Community Member, 21 Posts

10 March 2009 at 5:47am

Edited: 11/03/2009 1:35am

I would like to discuss the following scenario:
There is a website with an area which could only be seen in the frontend when logged in. Kind of restricted area. There the CMS will offer private pictures and documents - some of it for download.

Since silverstripe supports friendly urls one confidential picture for example could be reached at:
http://www.myhost.com/assets/Uploads/NOT-FOR-YOUR-EYES.png
The content is secured by login, but the URL for the pic could be reached. I think this is not what most people want.

What is best praxis avoid this? Especially with the URL-rewriting URLs could get guessable.

Thanks for reply.
S.

Avatar
Willr

Forum Moderator, 5513 Posts

10 March 2009 at 9:21pm

to protect the files you could try the secure files module - never used it but based on the title it sounded like a good place to start

http://silverstripe.org/installing-silverstripe/show/254742