I would like to discuss the following scenario:
There is a website with an area which could only be seen in the frontend when logged in. Kind of restricted area. There the CMS will offer private pictures and documents - some of it for download.
Since silverstripe supports friendly urls one confidential picture for example could be reached at:
The content is secured by login, but the URL for the pic could be reached. I think this is not what most people want.
What is best praxis avoid this? Especially with the URL-rewriting URLs could get guessable.
Thanks for reply.