Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

General Questions /

General questions about getting started with SilverStripe that don't fit in any of the categories above.

Moderators: martimiz, Sean, biapar, Willr, Ingo, swaiba, simon_w

secure the assets folder


Go to End
Reply


19 Posts   5607 Views

Avatar
malinux

Community Member, 23 Posts

12 May 2009 at 4:10pm

Is it possible to secure files uploaded to the 'assets' folder?
The point would be that only logged in users that has access to a specifik page that links to these files can view them.

Could it be solved by moving the 'assets' folder outside apache DocumentRoot?

Other suggestions?

Avatar
Liam

Community Member, 470 Posts

12 May 2009 at 5:03pm

Have a dig around this module - http://www.silverstripe.org/secure-files/

Avatar
malinux

Community Member, 23 Posts

13 May 2009 at 9:45am

Cool somebody made a module. I will have a look at that module:-)

Avatar
HansR

Community Member, 140 Posts

7 June 2009 at 5:18pm

I just tried out that module, and it worked okay once I fixed the .htaccess file that it generated in the secure folder. It's RewriteBase line was missing the base URL. Changing it to:

RewriteBase /

made it work.

There are a few things that I wish that it could do. The first being group access. Right now you have to add individual users to the list. In a lot of cases, it would be easier to define a user group, and then just select the group for folder access.

The other thing that would be great, is if this were expanded to work with the eCommerce module (which appears to be neglected of late), so that people selling digital products can easily create an online shop with downloads automatically activated once paid.

Hans

Avatar
Hamish

Community Member, 712 Posts

7 June 2009 at 6:24pm

Hmm, I didn't need the rewrite base directive - my understanding is that you shouldn't need it. Can anyone else shed light on how that works?

Avatar
HansR

Community Member, 140 Posts

7 June 2009 at 6:49pm

RewriteBase sets the base URL for the rewrite rules. Your website is probably running on a different server program that behaves slightly differently. I'm using IIS-5, and it appears to assume that the URL base is whatever directory level the .htaccess file is in. This means that it's searching (I think) for /sapphire/main.php in whatever directory is the base to my secure assets. Setting RewriteBase to "/" means that it searches for /sapphire/main.php in the right place.

Hans

Avatar
FungshuiElephant

Community Member, 57 Posts

19 June 2009 at 2:21am

Sorry to hijack the thread a little but I'm having trouble installing this module on SS 2.3.0/1/.

I have extracted the sourcefiles and run dev/build. It's created the SecureFilePermission table but I don't seem to get the extra tabs in the Files and Folders tabs that would allow me to specify which files should be secured. The secure files folder isn't created in the assets folder either. I don't get any errors at all.

Any ideas anyone?

Avatar
HansR

Community Member, 140 Posts

19 June 2009 at 9:28am

@FungshuiElephant

It doesn't create a secure folder, you have to choose one. When you first open the Files & Images tab, you won't see any security options; click on a folder that you wish to secure, and the security options should appear, allowing you to activate security for that folder.

It does make sense to create a folder called "secure," and stick all files and sub-directories that require secure access inside that.

Hans

Go to Top