[TYPO3-english] Question about typolink.jumpurl.secure
Lorenz Ulrich
lorenz-typo3 at visol.ch
Thu Jun 16 22:54:28 CEST 2011
Hi everyone
I'm trying to find out what typolink.jumpurl.secure was actually made for.
When I build a link with typolink and secure option set I get this:
<http://typo3.dev/index.php?id=60&type=0&jumpurl=fileadmin%2Fmyfile.pdf&juSecure=1&mimeType=application%2Fpdf&locationData=60%3Att_content%3A111&juHash=7e37908fdb2ab2bf9ce9bf0e772dfe5e7f5a5ff1>
This works fine. The only problem is that if I remove the juSecure stuff
and form a link like this:
<http://typo3.dev/index.php?id=60&type=0&jumpurl=fileadmin%2Fmyfile.pdf>
... I can download the file, too.
As far as I know the jumpurl feature is to push the file directly (i.e.
for counting reasons). By setting server directives I can prevent the
user from GETting the file directly.
But how can I enable a secured download without making the user see
where exactly the file is on the file system? Because, if the user can
see that the path to the file is "fileadmin/myfile.pdf", he can alter
the jumpurl parameter to get "fileadmin/myfile2.pdf".
Thanks and best regards,
Lorenz
More information about the TYPO3-english
mailing list