[TYPO3] access to files only for authenticated frontend users

Günter Hipler guenter.hipler at unibas.ch
Thu Jan 24 10:28:13 CET 2008


Hi Pascal,

thanks for your answer!

The night before yesterday I looked around a little bit more and found 
what I had seen in November last year. It was the extension 
naw_securedl 
(http://typo3.org/extensions/repository/view/naw_securedl/0.2.5/)

At first glance it looks fine, because you are able to protect file 
resources by Apache means and the extension has implemented a way to 
pass the Apache protection.

But it has a great disadvantage: People who accessed a protected file 
resource might persist this link so Google is able to put it up in its 
index. Looking for naw-secured with Google, you will find links like

http://www.et-inf.uni-hannover.de/typo3conf/ext/naw_securedl/secure.php?u=0&file=fileadmin/institut/_temp_/Herbert-Kind-Preis.pdf&t=1200465648&hash=220ec81cf050c7c1e438acf438765b3d
but the direct access is blocked by Apache
http://www.et-inf.uni-hannover.de/fileadmin/institut/_temp_/Herbert-Kind-Preis.pdf

For me that's a hole.

I downloaded your recommended extension too and played a little bit 
around with it. But I didn't have the clue (perhaps I hadn't enough 
time) what's the sense of it. Unfortunately there is no documentation.

Günter


Pascal Cramer wrote:
> Günter,
> I guess you're looking for 'FHT Download Repository', key: fht_download
> It allows you to apply authentication for downloading to directories.
> 
> Pascal
> 
> Günter Hipler wrote:
>>
>> Hello all,
>>
>> I'm looking for a solution to restrict access to files only for 
>> authenticated Typo3 frontend users.
>>
>> Scenario:
>> - users have to authenticate themselves as authorized frontend users 
>> (use of newloginbox), so they can see on restricted Typo3 pages a list 
>> of URLs to files they are allowed to access. Users shouldn't be forced 
>> to authenticate once more against the Webserver (Apache) after login 
>> as frontend user in case they access one of the files.
>>  - But I have to use means of Apache authentication to prevent access 
>> to these files beside the "Typo3 way" - or are there other possibilities?
>>
>> Some weeks ago I think I have seen the use of an extension which seems 
>> to prevent the access to files beside Typo3 without authentication, 
>> but unfortunately I can't find it again.
>>
>> Any ideas or hints are welcome!
>>
>> Günter
>>
>> Informationsverbund Deutschschweiz
>> c/o Universitaetsbibliothek Basel
>> Schoenbeinstrasse 18-20
>> CH-4056 Basel, Switzerland
>> Tel.:   + 41 (0)61 267 31 12 Fax: ++41 61 267 3103
>> guenter.hipler at unibas.ch
>> http://www.informationsverbund.ch
>>
>>
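
The concern raised in the message above is that a signed download link keeps working after it has been saved or indexed. As an added example (not naw_securedl's code and not from the original thread), the sketch below shows a link check that also requires an unexpired timestamp and a matching logged-in frontend user. The parameter names mirror the URL in the post, but their meaning here (`u` = user id, `t` = expiry time), the function names, the secret and the sample path are all assumptions.

```php
<?php
// Added illustration, not naw_securedl code. Parameter names mirror the URL in
// the post; their meaning here (u = user id, t = expiry time) is an assumption.
const LINK_SECRET = 'constructed-demo-secret'; // placeholder; load from config
const LINK_TTL    = 300;                        // seconds a link stays valid

function linkMac(int $user, string $file, int $expires): string
{
    // NUL-separated fields so ("1", "2x") and ("12", "x") cannot collide.
    return hash_hmac('sha256', $user . "\0" . $file . "\0" . $expires, LINK_SECRET);
}

function makeLink(int $user, string $file, int $now): string
{
    $t = $now + LINK_TTL;
    return 'secure.php?' . http_build_query([
        'u' => $user, 'file' => $file, 't' => $t, 'hash' => linkMac($user, $file, $t),
    ]);
}

// $sessionUser: id of the frontend user logged in on this request, or null.
function checkLink(array $q, ?int $sessionUser, int $now): string
{
    foreach (['u', 'file', 't', 'hash'] as $k) {
        if (!isset($q[$k]) || !is_string($q[$k])) return 'deny: malformed';
    }
    $mac = linkMac((int)$q['u'], $q['file'], (int)$q['t']);
    if (!hash_equals($mac, $q['hash'])) return 'deny: bad signature';
    if ($now > (int)$q['t'])            return 'deny: expired';
    // A valid signature alone is not enough: the request must carry the session
    // of the user the link was issued to, so a saved or indexed URL is useless.
    if ($sessionUser === null || $sessionUser !== (int)$q['u']) return 'deny: not this user';
    if (strpos($q['file'], 'fileadmin/') !== 0 || strpos($q['file'], '..') !== false) {
        return 'deny: path';
    }
    return 'allow';
}

// Constructed sample: user 42 is issued a link at time $now.
$now = 1700000000;
parse_str(parse_url(makeLink(42, 'fileadmin/protected/report.pdf', $now), PHP_URL_QUERY), $q);
echo checkLink($q, 42, $now + 60), "\n";    // owner, within the TTL
echo checkLink($q, null, $now + 60), "\n";  // no session (crawler, shared link)
echo checkLink($q, 42, $now + 3600), "\n";  // same user, link saved and reused later
$q['file'] = 'fileadmin/protected/other.pdf';
echo checkLink($q, 42, $now + 60), "\n";    // file parameter altered after signing
```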

