[TYPO3-english] Question about typolink.jumpurl.secure
Lorenz Ulrich
lorenz-typo3 at visol.ch
Sat Jun 18 21:57:48 CEST 2011
Anyone?
Am 16.06.2011 22:54, schrieb Lorenz Ulrich:
> Hi everyone
>
> I'm trying to find out what typolink.jumpurl.secure was actually made for.
>
> When I build a link with typolink and secure option set I get this:
>
> <http://typo3.dev/index.php?id=60&type=0&jumpurl=fileadmin%2Fmyfile.pdf&juSecure=1&mimeType=application%2Fpdf&locationData=60%3Att_content%3A111&juHash=7e37908fdb2ab2bf9ce9bf0e772dfe5e7f5a5ff1>
>
>
> This works fine. The only problem is that if I remove the juSecure stuff
> and form a link like this:
>
> <http://typo3.dev/index.php?id=60&type=0&jumpurl=fileadmin%2Fmyfile.pdf>
>
> .... I can download the file, too.
>
> As far as I know the jumpurl feature is to push the file directly (i.e.
> for counting reasons). By setting server directives I can prevent the
> user from GETting the file directly.
>
> But how can I enable a secured download without making the user see
> where exactly the file is on the file system? Because, if the user can
> see that the path to the file is "fileadmin/myfile.pdf", he can alter
> the jumpurl parameter to get "fileadmin/myfile2.pdf".
>
> Thanks and best regards,
>
> Lorenz
More information about the TYPO3-english
mailing list