[TYPO3] access to files only for authenticated frontend users
Günter Hipler
guenter.hipler at unibas.ch
Thu Jan 24 10:28:13 CET 2008
Hi Pascal,
thanks for your answer!
The night before yesterday I looked around a little bit more and found
what I have seen in november last year. It was the extension
naw_securedl
(http://typo3.org/extensions/repository/view/naw_securedl/0.2.5/)
At the first glimpse it looks fine, because you are able to protect file
resources by apache means and the extension has implemented a way to
pass the apache protection.
But it has a great disadvantage: People who accessed a protected file
ressource might persist this link so google is able to put it up in his
index. Looking for naw-secured with google, you will find links like
http://www.et-inf.uni-hannover.de/typo3conf/ext/naw_securedl/secure.php?u=0&file=fileadmin/institut/_temp_/Herbert-Kind-Preis.pdf&t=1200465648&hash=220ec81cf050c7c1e438acf438765b3d
but the direct access is blocked by apache
http://www.et-inf.uni-hannover.de/fileadmin/institut/_temp_/Herbert-Kind-Preis.pdf
For me that's a hole.
I downloaded your recommended extension too and played a little bit
around with it. But I didn't have the clue (perhaps I hadn't enough
time) what's the sense of it. Unfortunately there is no documentation.
Günter
Pascal Cramer wrote:
> Günter,
> I guess you're looking for 'FHT Download Repository' ,key: fht_download
> It allows you to apply authentication for downloading to directories.
>
> Pascal
>
> Günter Hipler wrote:
>>
>> Hello all,
>>
>> I'm looking for a solution to restrict access to files only for
>> authenticated Typo3 frontend users.
>>
>> Scenario:
>> - users have to authenticate themselves as authorized frontend users
>> (use of newloginbox), so they can see on restricted Typo3 pages a list
>> of URLs to files they are allowed to access. Users shouldn't be forced
>> to authenticate once more against the Webserver (Apache) after login
>> as frontend user in case they access one of the files.
>> - But I have to use means of Apache authentication to prevent access
>> to these files beside the "Typo3 way" - or are there other possibilities?
>>
>> Some weeks ago I think I have seen the use of an extension which seems
>> to prevent the access to files beside Typo3 without authentication,
>> but unfortunately I can't find it again.
>>
>> Any ideas or hints are welcome!
>>
>> Günter
>>
>> Informationsverbund Deutschschweiz
>> c/o Universitaetsbibliothek Basel
>> Schoenbeinstrasse 18-20
>> CH-4056 Basel, Switzerland
>> Tel.: + 41 (0)61 267 31 12 Fax: ++41 61 267 3103
>> guenter.hipler at unibas.ch
>> http://www.informationsverbund.ch
>>
>>
More information about the TYPO3-english
mailing list