21308 Posts in 5737 Topics by 2603 members
| Go to End | Next > | |
| Author | Topic: | 4398 Views |
-
secure the assets folder
12 May 2009 at 4:10pm
Is it possible to secure files uploaded to the 'assets' folder?
The point would be that only logged in users that has access to a specifik page that links to these files can view them.Could it be solved by moving the 'assets' folder outside apache DocumentRoot?
Other suggestions?
-
Re: secure the assets folder
12 May 2009 at 5:03pm
Have a dig around this module - http://www.silverstripe.org/secure-files/
-
Re: secure the assets folder
13 May 2009 at 9:45am
Cool somebody made a module. I will have a look at that module:-)
-
Re: secure the assets folder
7 June 2009 at 5:18pm
I just tried out that module, and it worked okay once I fixed the .htaccess file that it generated in the secure folder. It's RewriteBase line was missing the base URL. Changing it to:
RewriteBase /
made it work.
There are a few things that I wish that it could do. The first being group access. Right now you have to add individual users to the list. In a lot of cases, it would be easier to define a user group, and then just select the group for folder access.
The other thing that would be great, is if this were expanded to work with the eCommerce module (which appears to be neglected of late), so that people selling digital products can easily create an online shop with downloads automatically activated once paid.
Hans
-
Re: secure the assets folder
7 June 2009 at 6:24pm
Hmm, I didn't need the rewrite base directive - my understanding is that you shouldn't need it. Can anyone else shed light on how that works?
-
Re: secure the assets folder
7 June 2009 at 6:49pm
RewriteBase sets the base URL for the rewrite rules. Your website is probably running on a different server program that behaves slightly differently. I'm using IIS-5, and it appears to assume that the URL base is whatever directory level the .htaccess file is in. This means that it's searching (I think) for /sapphire/main.php in whatever directory is the base to my secure assets. Setting RewriteBase to "/" means that it searches for /sapphire/main.php in the right place.
Hans
-
Re: secure the assets folder
19 June 2009 at 2:21am
Sorry to hijack the thread a little but I'm having trouble installing this module on SS 2.3.0/1/.
I have extracted the sourcefiles and run dev/build. It's created the SecureFilePermission table but I don't seem to get the extra tabs in the Files and Folders tabs that would allow me to specify which files should be secured. The secure files folder isn't created in the assets folder either. I don't get any errors at all.
Any ideas anyone?
-
Re: secure the assets folder
19 June 2009 at 9:28am
@FungshuiElephant
It doesn't create a secure folder, you have to choose one. When you first open the Files & Images tab, you won't see any security options; click on a folder that you wish to secure, and the security options should appear, allowing you to activate security for that folder.
It does make sense to create a folder called "secure," and stick all files and sub-directories that require secure access inside that.
Hans
| 4398 Views | ||
| Go to Top | Next > |
