-
- 409 Posts
Hi,
I have a small problem with a customer.
The website has a member access, within several docs only for the members (ie. pdf).
I have set a media source called "Members" with a path to /assets/docs/members/
But when you are not logged as Members, you can access to a file inside the /assets/docs/members/ directory if you know the name.
How can I avoid this and protect every file inside this Media Source for anyone else which are not autorized ?
If you are using static resource to access those files you can store them outside of the web root. The only tricky part is that static resources don't really work with media sources. You can view the media source and select the file and get its path within the media source, but the media source part of the path won't be included.
I work around this by using a chunk with the media source path - in your case, assets/docs/members/, and put the chunk tags in front of the path part that the static resource gets (everything after the assets/docs/members/ part).
So if you use something like /home/domain/docs/members/ for the media source path, where your web root is /home/domain/www/, then you can use links to the static resources to make the downloads available, and nobody else can access those files. The URL will be the URL to the static resource, too.
You'll also need to create a custom content type, .pdf and binary, and set the static resource's content disposition to be attachment to make them downloadable.
☆ A M B ☆
☆ A M B ☆
