[TYPO3] Noob question about secure private pages

[Christopher Torgalson]

Hi,

On 7/18/07, James Corell <jcorell at e-p-c-s.com> wrote:
> Checked out both of those. Hidden pages still show if targeted directly by
> URL, and


He didn't explain it very well; you don't HIDE the page, you restrict
access to it--check the page record ("Edit page properties") for the
"Access" field.

When access is restricted to pages, they are NOT accessible--they
return a 404 header.


> PDFs still download if the secure URL (very long) is entered.
> Direct access is not a viable option. I need a solution that *requires* a FE
> login.


There are at LEAST two other extensions in the TER for providing
secure downloads--including one based on sessions. There's not a lot
of documentation for them, but they're fairly simple to get running.

Furthermore, you can also use the TS filelink function [1]--check the
.jumpurl property:

".secure (boolean)If set, then the file pointed to by jumpurl is NOT
redirected to, but rather it's read from the file and returned with a
correct header. This option adds a hash and locationData to the url
and there MUST be access to the record in order to download the file.
If the fileposition on the server is furthermore secured by a
.htaccess file preventing ANY access, you've got secure download
here!"

Whether or not using TS directly is suitable depends quite a bit on
how you need to manage your downloads.

-- 
Christopher Torgalson
http://www.typo3apprentice.com/