[TYPO3-english] Question about typolink.jumpurl.secure
Alexander Stehlik
alexander.stehlik at googlemail.com
Mon Jun 20 19:58:12 CEST 2011
Hi Lorenz,
the trick is to use a directory in fileadmin (e.g. fileadmin/secure/)
and protect it with .htaccess.
The users will still be able to download them with the jumpurl secure
link but they won't be able to access the files directly any more.
Kind regards,
Alex
Am 18.06.2011 21:57, schrieb Lorenz Ulrich:
> Anyone?
>
> Am 16.06.2011 22:54, schrieb Lorenz Ulrich:
>> Hi everyone
>>
>> I'm trying to find out what typolink.jumpurl.secure was actually made
>> for.
>>
>> When I build a link with typolink and secure option set I get this:
>>
>> <http://typo3.dev/index.php?id=60&type=0&jumpurl=fileadmin%2Fmyfile.pdf&juSecure=1&mimeType=application%2Fpdf&locationData=60%3Att_content%3A111&juHash=7e37908fdb2ab2bf9ce9bf0e772dfe5e7f5a5ff1>
>>
>>
>>
>> This works fine. The only problem is that if I remove the juSecure stuff
>> and form a link like this:
>>
>> <http://typo3.dev/index.php?id=60&type=0&jumpurl=fileadmin%2Fmyfile.pdf>
>>
>> .... I can download the file, too.
>>
>> As far as I know the jumpurl feature is to push the file directly (i.e.
>> for counting reasons). By setting server directives I can prevent the
>> user from GETting the file directly.
>>
>> But how can I enable a secured download without making the user see
>> where exactly the file is on the file system? Because, if the user can
>> see that the path to the file is "fileadmin/myfile.pdf", he can alter
>> the jumpurl parameter to get "fileadmin/myfile2.pdf".
>>
>> Thanks and best regards,
>>
>> Lorenz
>
More information about the TYPO3-english
mailing list