Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

We've moved the forum!

Please use forum.silverstripe.org for any new questions (announcement).
The forum archive will stick around, but will be read only.

You can also use our Slack channel or StackOverflow to ask for help.
Check out our community overview for more options to contribute.

General Questions /

General questions about getting started with SilverStripe that don't fit in any of the categories above.

Moderators: martimiz, Sean, Ed, biapar, Willr, Ingo, swaiba

[solved]Privacy of Login Areas


Go to End


2 Posts   1585 Views

Avatar
slamby

Community Member, 21 Posts

10 March 2009 at 5:47am

Edited: 11/03/2009 1:35am

I would like to discuss the following scenario:
There is a website with an area which could only be seen in the frontend when logged in. Kind of restricted area. There the CMS will offer private pictures and documents - some of it for download.

Since silverstripe supports friendly urls one confidential picture for example could be reached at:
http://www.myhost.com/assets/Uploads/NOT-FOR-YOUR-EYES.png
The content is secured by login, but the URL for the pic could be reached. I think this is not what most people want.

What is best praxis avoid this? Especially with the URL-rewriting URLs could get guessable.

Thanks for reply.
S.

Avatar
Willr

Forum Moderator, 5523 Posts

10 March 2009 at 9:21pm

to protect the files you could try the secure files module - never used it but based on the title it sounded like a good place to start

http://silverstripe.org/installing-silverstripe/show/254742