[TYPO3-dev] TYPO3 session verification on Apache level
Stefan Neufeind
typo3.neufeind at speedpartner.de
Fri Sep 21 13:02:44 CEST 2012
Hmm, maybe writing an htaccess-file which matches on a certain cookie?
But you'd have to remove that when the person logs out or permissions of
the page changes etc.
Extensions like naw_secure_dl secure links on a per-file-level based on
the page-rights from which those files are linked. So it doesn't only
protect a download-folder as a whole but also individual files and
permissions can "instantly" be removed (person logged out, permissions
on page changed).
Kind regards,
Stefan
On 09/21/2012 12:17 PM, Benjamin Beck wrote:
> Hi Bart,
>
> reading your mail i had this idea:
>
> You could generate a unique access id (maybe the session id?) and write this to the .htpasswd which protects the downloads..
> The you could use a http redirect to : http://gooduser:secretpassword@www.example.com..
>
> Benjamin
>
> On 21.09.2012, at 11:34, Bart Dubelaar <bart.dubelaar at logica.com> wrote:
>
>> Hi All,
>>
>> There are many solutions to secure static file downloads in TYPO3, DAM, FAL,
>> naw_securedl, etc. They all operate in the same way, call a PHP script
>> instead of the file directly.
[...]
More information about the TYPO3-dev
mailing list