[TYPO3-english] Extension naw_securedl bug or intentional?

Bas bvbmedia at gmail.com
Sat Jun 27 16:15:43 CEST 2009

Hi henrik,

Im aware of this security issue. 

I fixed it by using a modrewrite rule that checks if a specific cookie is set.

Once the fe user logs in i set the specific cookie. That way its more secured.

Ps beware to set your own cookie and not use the fe user cookie cause that one is always defined (also for not logged in users).


Bas van Beek

----- Oorspronkelijk bericht -----
Van: Henrik Fosgerau <hf at oerskov.dk>
Verzonden: woensdag 24 juni 2009 15:05
Aan: typo3-english at lists.netfielders.de
Onderwerp: [TYPO3-english] Extension naw_securedl bug or intentional?

I'm using the extension "Secure downloads" - naw_securedl 


It works as described - allowing access to files only for some FE-user

But after testing access to files, I discovered that I can access protected
files without being logged in as a FE user.

In the backend interface I accessed the file from the fileadmin module list
of files.

The URL I got via backend is similar to the protected frontend URLs.



When I use this URL I can access the file from a browser without being
logged in as a FEuser.


Does anybody know if this behavior is intentional or a bug?


Henrik Fosgerau

TYPO3-english mailing list
TYPO3-english at lists.netfielders.de

More information about the TYPO3-english mailing list