[TYPO3-dam] handling data outside of teh document root
Krystian Szymukowicz
t33kRE.MO.VE. at RE.MO.VE.prolabium.com
Wed May 23 12:48:58 CEST 2007
ben van 't ende [netcreators] pisze:
> Thomas Hempel wrote:
>> Hi Krystian,
>>
>>> A filename for a stream could be get from a special field in DAM file
>>> properties: "File download name". A description of that field is: "A
>>> file name which should be used to download the file in a potential
>>> frontend application."
>>>
>>> What do you think?
>> Could be a solution but I'm not a friend of "security by obscurity". ;-)
>>
>> Greets,
>> Thomas
>
> Hey,
>
> Agree! This should be solved on server level. I am sure there is some apache
> configuration that does not permit direct access to the images from outside, but
> only permits access thru the website itself.
>
> Let me know if you figure it out. Otherwise I can ask one of our guys later on.
You right. Something like this in .htaccess of the directory we want to
protect.
RewriteEngine On
RewriteRule .*\.(jpg|gif|bmp|png)$ [NC,F]
One disadvantage is that it prevents DAM from showing the oryginal file
when you press button magnifier - "Show file". But this is a very little
disadvantage - the rest of the DAM works pretty well with that.
I wonder if it will be secure enough for Thomas : )
--
greetings
Krystian
More information about the TYPO3-project-dam
mailing list