[TYPO3] Noob question about secure private pages

James Corell jcorell at e-p-c-s.com
Thu Jul 19 17:57:27 CEST 2007 

I was thinking that if I couldn't find a solution to this, I would use
.htaccess files instead. That's not really going to be a solution, though,
because then I can't use a templated page and .htaccess unless I require two
logins: the FE login for the page, and the .htaccess login for the
downloads.

Do you have a snippet of code that deals with .jumpurl and .secure ?
Something to give me a kickstart. The plugins are undocumented and not
working.

-------------------------
James Corell
EPCS, 111 W. Mitchell St. Suite E, Gaylord, MI 49735
DSL for Businesses - Websites That Work!
jcorell at e-p-c-s.com www.e-p-c-s.com
989-732-1366 (fax 989-732-0893)



-----Original Message-----
From: typo3-english-bounces at lists.netfielders.de
[mailto:typo3-english-bounces at lists.netfielders.de]On Behalf Of
Christopher Torgalson
Sent: Wednesday, July 18, 2007 3:54 PM
To: TYPO3 English
Subject: Re: [TYPO3] Noob question about secure private pages


Hi,

On 7/18/07, James Corell <jcorell at e-p-c-s.com> wrote:
> Checked out both of those. Hidden pages still show if targeted directly by
> URL, and


He didn't explain it very well; you don't HIDE the page, you restrict
access to it--check the page record ("Edit page properties") for the
"Access" field.

When access is restricted to pages, they are NOT accessible--they
return a 404 header.


> PDFs still download if the secure URL (very long) is entered.
> Direct access is not a viable option. I need a solution that *requires* a
FE
> login.


There are at LEAST two other extensions in the TER for providing
secure downloads--including one based on sessions. There's not a lot
of documentation for them, but they're fairly simple to get running.

Furthermore, you can also use the TS filelink function [1]--check the
.jumpurl property:

".secure (boolean)If set, then the file pointed to by jumpurl is NOT
redirected to, but rather it's read from the file and returned with a
correct header. This option adds a hash and locationData to the url
and there MUST be access to the record in order to download the file.
If the fileposition on the server is furthermore secured by a
.htaccess file preventing ANY access, you've got secure download
here!"

Whether or not using TS directly is suitable depends quite a bit on
how you need to manage your downloads.

--
Christopher Torgalson
http://www.typo3apprentice.com/
_______________________________________________
TYPO3-english mailing list
TYPO3-english at lists.netfielders.de
http://lists.netfielders.de/cgi-bin/mailman/listinfo/typo3-english

More information about the TYPO3-english mailing list