Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

General Questions

General questions about getting started with SilverStripe that don't fit in any of the categories above.

Moderators: martimiz, Sean, biapar, Willr, Ingo, swaiba, simon_w

[solved]Privacy of Login Areas


Reply

2 Posts   847 Views

Avatar
slamby

10 March 2009 at 5:47am (Last edited: 11 March 2009 1:35am), Community Member, 21 Posts

I would like to discuss the following scenario:
There is a website with an area which could only be seen in the frontend when logged in. Kind of restricted area. There the CMS will offer private pictures and documents - some of it for download.

Since silverstripe supports friendly urls one confidential picture for example could be reached at:
http://www.myhost.com/assets/Uploads/NOT-FOR-YOUR-EYES.png
The content is secured by login, but the URL for the pic could be reached. I think this is not what most people want.

What is best praxis avoid this? Especially with the URL-rewriting URLs could get guessable.

Thanks for reply.
S.

Avatar
Willr

10 March 2009 at 9:21pm Forum Moderator, 5511 Posts

to protect the files you could try the secure files module - never used it but based on the title it sounded like a good place to start

http://silverstripe.org/installing-silverstripe/show/254742