Jump to:

23001 Posts in 11702 Topics by 2827 members

General Questions

SilverStripe Forums » General Questions » secure the assets folder

General questions about getting started with SilverStripe that don't fit in any of the categories above.

Moderators: martimiz, Sean, biapar, Willr, Ingo, swaiba, simon_w

Page: 1 2 3
Go to End
Author Topic: 5168 Views
  • malinux
    Avatar
    Community Member
    23 Posts

    secure the assets folder Link to this post

    Is it possible to secure files uploaded to the 'assets' folder?
    The point would be that only logged in users that has access to a specifik page that links to these files can view them.

    Could it be solved by moving the 'assets' folder outside apache DocumentRoot?

    Other suggestions?

  • Liam
    Avatar
    Community Member
    470 Posts

    Re: secure the assets folder Link to this post

    Have a dig around this module - http://www.silverstripe.org/secure-files/

  • malinux
    Avatar
    Community Member
    23 Posts

    Re: secure the assets folder Link to this post

    Cool somebody made a module. I will have a look at that module:-)

  • HansR
    Avatar
    Community Member
    140 Posts

    Re: secure the assets folder Link to this post

    I just tried out that module, and it worked okay once I fixed the .htaccess file that it generated in the secure folder. It's RewriteBase line was missing the base URL. Changing it to:

    RewriteBase /

    made it work.

    There are a few things that I wish that it could do. The first being group access. Right now you have to add individual users to the list. In a lot of cases, it would be easier to define a user group, and then just select the group for folder access.

    The other thing that would be great, is if this were expanded to work with the eCommerce module (which appears to be neglected of late), so that people selling digital products can easily create an online shop with downloads automatically activated once paid.

    Hans

  • Hamish
    Avatar
    Community Member
    712 Posts

    Re: secure the assets folder Link to this post

    Hmm, I didn't need the rewrite base directive - my understanding is that you shouldn't need it. Can anyone else shed light on how that works?

  • HansR
    Avatar
    Community Member
    140 Posts

    Re: secure the assets folder Link to this post

    RewriteBase sets the base URL for the rewrite rules. Your website is probably running on a different server program that behaves slightly differently. I'm using IIS-5, and it appears to assume that the URL base is whatever directory level the .htaccess file is in. This means that it's searching (I think) for /sapphire/main.php in whatever directory is the base to my secure assets. Setting RewriteBase to "/" means that it searches for /sapphire/main.php in the right place.

    Hans

  • FungshuiElephant
    Avatar
    Community Member
    57 Posts

    Re: secure the assets folder Link to this post

    Sorry to hijack the thread a little but I'm having trouble installing this module on SS 2.3.0/1/.

    I have extracted the sourcefiles and run dev/build. It's created the SecureFilePermission table but I don't seem to get the extra tabs in the Files and Folders tabs that would allow me to specify which files should be secured. The secure files folder isn't created in the assets folder either. I don't get any errors at all.

    Any ideas anyone?

  • HansR
    Avatar
    Community Member
    140 Posts

    Re: secure the assets folder Link to this post

    @FungshuiElephant

    It doesn't create a secure folder, you have to choose one. When you first open the Files & Images tab, you won't see any security options; click on a folder that you wish to secure, and the security options should appear, allowing you to activate security for that folder.

    It does make sense to create a folder called "secure," and stick all files and sub-directories that require secure access inside that.

    Hans

    5168 Views
Page: 1 2 3
Go to Top

Want to know more about the company that brought you SilverStripe? Then check out SilverStripe.com

Comments on this website? Please give feedback.