Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

We've moved the forum!

Please use forum.silverstripe.org for any new questions (announcement).
The forum archive will stick around, but will be read only.

You can also use our Slack channel or StackOverflow to ask for help.
Check out our community overview for more options to contribute.

All other Modules /

Discuss all other Modules here.

Moderators: martimiz, Sean, Ed, biapar, Willr, Ingo, swaiba

SecureFiles 0.21 Released - Testers + Translations please!


Go to End


44 Posts   11562 Views

Avatar
UncleCheese

Forum Moderator, 4102 Posts

10 March 2010 at 8:10am

One more thing.. will this hide my secured files from site search?

Avatar
Hamish

Community Member, 712 Posts

10 March 2010 at 8:33am

Edited: 10/03/2010 8:38am

@Juanitou Thanks! That's a big help toward making this a polished module.

@UncleCheese It should do. As long as you can't see the file when you're not logged in, Google shouldn't be able to index it. As an additional precaution, make sure directory indexing is turned off (eg: Options -Indexes in your httpd.conf). I might add this to the htaccess rules, but it relies on the AllowOverrides directive to be on in httpd.conf so it isn't really a good idea for me to include it. Might add that to the installation docs.

Just a note - the way that we're serving files is memory intensive. Should be fine for things like Resumes and images though.

In trunk, I've sped up the 'normal' method and I'm experimenting with the mod_xsendfile apache module that uses sendfile headers to pass the request back to apache (or lighttpd which natively supports these headers). This should allow SecureFiles to provide access to any file that could normally be served - e.g streaming video, very large files etc, without impacting on your website performance.

Avatar
UncleCheese

Forum Moderator, 4102 Posts

10 March 2010 at 9:00am

Thanks, Hamish. I guess I'm not so much concerned with Google search as I am with the Silvertripe native search, since it uses the database, not a spider. Can you comment on that?

Avatar
Hamish

Community Member, 712 Posts

10 March 2010 at 9:11am

According to SearchForm.php, results should be filtered by permission:

// filter by permission
if($results) foreach($results as $result) {
	if(!$result->canView()) $results->remove($result);
}

This is the same permission check performed by SecureFileController so yes, secured files shouldn't appear in search unless you have permission to view them.

That said, I haven't tested this - so make sure for yourself first :)

Avatar
UncleCheese

Forum Moderator, 4102 Posts

10 March 2010 at 9:35am

Love it! Thanks.

Avatar
weberho

Community Member, 15 Posts

10 March 2010 at 10:11pm

Nicely done. Attached you'll find the German translation.

Thank you a lot!

Avatar
Hamish

Community Member, 712 Posts

11 March 2010 at 6:24am

Thanks!

Avatar
weberho

Community Member, 15 Posts

11 March 2010 at 10:51pm

I have just recognized, that I have sent you the german translation encoded in UTF-8, while FR and ES translations are encoded in ISO-8859-1. I think, those should be converted to UTF-8, too.