This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.
Please use forum.silverstripe.org for any new questions
(announcement).
The forum archive will stick around, but will be read only.
You can also use our Slack channel
or StackOverflow to ask for help.
Check out our community overview for more options to contribute.
Is it possible to secure files uploaded to the 'assets' folder?
The point would be that only logged in users that has access to a specifik page that links to these files can view them.
Could it be solved by moving the 'assets' folder outside apache DocumentRoot?
Other suggestions?
Have a dig around this module - http://www.silverstripe.org/secure-files/
Cool somebody made a module. I will have a look at that module:-)
I just tried out that module, and it worked okay once I fixed the .htaccess file that it generated in the secure folder. It's RewriteBase line was missing the base URL. Changing it to:
RewriteBase /
made it work.
There are a few things that I wish that it could do. The first being group access. Right now you have to add individual users to the list. In a lot of cases, it would be easier to define a user group, and then just select the group for folder access.
The other thing that would be great, is if this were expanded to work with the eCommerce module (which appears to be neglected of late), so that people selling digital products can easily create an online shop with downloads automatically activated once paid.
Hans
Hmm, I didn't need the rewrite base directive - my understanding is that you shouldn't need it. Can anyone else shed light on how that works?
RewriteBase sets the base URL for the rewrite rules. Your website is probably running on a different server program that behaves slightly differently. I'm using IIS-5, and it appears to assume that the URL base is whatever directory level the .htaccess file is in. This means that it's searching (I think) for /sapphire/main.php in whatever directory is the base to my secure assets. Setting RewriteBase to "/" means that it searches for /sapphire/main.php in the right place.
Hans
Sorry to hijack the thread a little but I'm having trouble installing this module on SS 2.3.0/1/.
I have extracted the sourcefiles and run dev/build. It's created the SecureFilePermission table but I don't seem to get the extra tabs in the Files and Folders tabs that would allow me to specify which files should be secured. The secure files folder isn't created in the assets folder either. I don't get any errors at all.
Any ideas anyone?
@FungshuiElephant
It doesn't create a secure folder, you have to choose one. When you first open the Files & Images tab, you won't see any security options; click on a folder that you wish to secure, and the security options should appear, allowing you to activate security for that folder.
It does make sense to create a folder called "secure," and stick all files and sub-directories that require secure access inside that.
Hans
