SilverStripe Forums » General Questions » [Solved]Protecting Files in Asset Folder

  • davidm2010
    Community Member
    107 Posts

    [Solved]Protecting Files in Asset Folder

    Is there a way to allow access to assets folder only through Silverstripe?

    Here is an example:

    I have an audio file in a sub folder to assets. I have the mp3 player playing the song in an audio page. The page shows the source as http://mysite/Uploads/Music/song.mp3. When you go to the URL, then the browser prompts to open or save. How do I keep this being viewable but still allow SS to do what it needs to do?

    DM

  • Mo
    Community Member
    506 Posts

    Re: [Solved]Protecting Files in Asset Folder

    I would be interested to know if this is possible as well. I can see why it would be disabled by default, as I imagine it could cause server load to increase quite a bit.

    I guess you could implement this functionality yourself, if you just create a new controller then add some new rules to Director that would route all URLs that use "assets" to use your new controller.

    Once in there I guess you could get Silverstripe to return the file, based on the URL, only if the user has permission (IP, Logged in, Whatever).

    Don't ask me to write any code though, I have enough to do (sorry).

    Mo

  • davidm2010
    Community Member
    107 Posts

    Re: [Solved]Protecting Files in Asset Folder

    I think there is more to it than that. I think you would have to create a user, give that user permission to read/write/execute to the folder, then somehow make SS that user. So that the only way to access the folder is as that user through SS.

    Once you had that, then it is pure code. So the first question is, how do you make SS a user so that only SS can access the folder? Rather than the user logged in, SS security would then kick in.

    I wouldn't ask anyone to write special code, but thank you for considering it.

    DM

  • Mo
    Community Member
    506 Posts

    Re: [Solved]Protecting Files in Asset Folder

    Well I think that depends what your server config is?

    If it's Apache, I use http://mpm-itk.sesse.net/ to achieve this. If it is IIS, then you need to configure what user account IIS uses for that SS install. By default I believe it is something like "IIS_USR".

    Technically, if you add your rules to Director, then traffic will not be able to access the assets folder through a web browser, as the request will be picked up by SS. I suppose it doesn't hurt to be safe though.

    One other thing, you would also need to remove the reference in your .htaccess file that disables URL rewriting for files with a suffix like .gif or .jpg.

    Hopefully that gives you some food for thought?

    Mo
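
The routing idea discussed above, reduced to its decision logic, as an added example that is not code from any poster, from SilverStripe, or from the secure-files module. It is plain PHP with hypothetical names (`resolve_asset`, `authorize_asset`, the `$isAllowed` callback) and assumes `$requestPath` is the already URL-decoded part of the URL after the assets folder.

```php
<?php
// Added example: plain PHP, no SilverStripe APIs. A controller reached through
// the Director rules described above would pass in its own permission check.

/**
 * Map a request path such as "Uploads/Music/song.mp3" to a real file inside
 * $assetsRoot. Returns null if it escapes the root or is not a regular file.
 */
function resolve_asset($assetsRoot, $requestPath) {
    $root = realpath($assetsRoot);
    if ($root === false) {
        return null;
    }
    $relative = ltrim($requestPath, '/');
    // Refuse empty paths and NUL bytes before touching the filesystem.
    if ($relative === '' || strpos($relative, "\0") !== false) {
        return null;
    }
    // realpath() collapses ".." and follows symlinks, so the prefix check
    // below is made against the file that would actually be read.
    $full = realpath($root . DIRECTORY_SEPARATOR . $relative);
    if ($full === false || !is_file($full)) {
        return null;
    }
    if (strpos($full, $root . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $full;
}

/** Returns array(status, path): 403 refused, 404 not servable, 200 + file. */
function authorize_asset($assetsRoot, $requestPath, $isAllowed) {
    // Permission comes first, so a refused client gets the same answer
    // whether or not the file exists.
    if (!call_user_func($isAllowed, $requestPath)) {
        return array(403, null);
    }
    $file = resolve_asset($assetsRoot, $requestPath);
    if ($file === null) {
        return array(404, null);
    }
    return array(200, $file);
}

// Caller side (constructed values): stream the file only on a 200 decision.
// list($status, $file) = authorize_asset('/var/www/assets', $path, $check);
// if ($status === 200) { header('Content-Type: audio/mpeg'); readfile($file); }
```

None of this runs unless the web server hands requests for asset files to PHP, which is why the .htaccess exclusion for file suffixes mentioned above has to be removed first.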

  • Bruce B
    Community Member
    145 Posts

    Re: [Solved]Protecting Files in Asset Folder

    Guys,
    have you looked at the secure files module?
    http://www.silverstripe.org/secure-files/
    It stops assets downloads without a login but I don't think it solves the problem of allowing a file to be viewed on a SS page but not through a direct URL.

  • Mo
    Community Member
    506 Posts

    Re: [Solved]Protecting Files in Asset Folder

    Oooo, I haven't actually seen that before, I am definitely going to check that out.

    Ta very much!

  • davidm2010
    Community Member
    107 Posts

    Re: [Solved]Protecting Files in Asset Folder

    @Bruce B - Thank you. I had seen this module before. Sometimes until you have a problem, you don't understand the solution. I will test this out and see if this is what I am looking for.

    DM

  • davidm2010
    Community Member
    107 Posts

    Re: [Solved]Protecting Files in Asset Folder

    FYI - I have been working with this module and it is very promising. Anyone else needing this, I recommend looking at this thread http://www.silverstripe.org/general-questions/show/16293#post301011#post301011.
