[FLOW3-general] Security for files
Andreas Förthner
andreas.foerthner at netlogix.de
Thu Nov 24 12:54:51 CET 2011
Hi Andreas,
the whole system is based on roles, so its currently not possible. That
the files are accessible via a link and protected by .htaccess is
absolutely by intention. We explicitly didn't want to push the file
through php, as this is a bad idea for really big files. If you still want
to do, you probably just write your own controller that reads the file and
pushes it back to the client.
Greets Andi
Am 21.11.11 12:04 schrieb "Andreas Schütte" unter <schuette at naw.info>:
>Hi Andreas,
>
>thanks for the hint, that worked so far.
>
>As far as i can see, this is only role based but not account based, or
>am i missing some point her?
>We have a use case, where we need to publish files on a strictly account
>based way.
>
>Another problem is, that the published files are accessible via a link,
>although protected by a .htaccess file with an "allow from" IP. Maybe i
>am using the wrong view helper for that(f:uri.resource).
>
>
>Overall we need a similar functionality that the secure downloads
>extension for TYPO3 grants. The file resource should not be public
>accessible, but rather sent to client through a script, based on one or
>more accounts associated with the resource.
>Offers FLOW3 this already in some way or does we have to implement
>something on our own?
>
>
>Cheers,
>Andreas
>
>
>Am 17.11.2011 15:32, schrieb Andreas Förthner:
>> Hi Andreas,
>>
>> sorry, this part is somehow to be written ;-) For now you can use a
>>
>>\TYPO3\FLOW3\Security\Authorization\Resource\SecurityPublishingConfigurat
>>io
>> n object by adding it with setPublishingConfiguration() to your resource
>> object. In the publishing confiugration you can set roles, that should
>> have access to this resource.
>>
>> Hope this helps.
>>
>> Greets Andi
>>
>> Am 17.11.11 14:43 schrieb "Andreas Schütte" unter<schuette at naw.info>:
>>
>>> Hi,
>>>
>>> in the Security chapter of the FLOW3 Guide is a part called "Security
>>> for files aka secure downloads".
>>>
>>> Are there any examples how to use the publishing configurations? The
>>> Guide shows only a few points of what can be done, but unfortunately
>>> not how.
>>>
>>>
>>> Thanks in advance
>>> Andreas
>>>
>> Andreas Förthner
>> Leiter Web-Entwicklung
>>
>> Telefon: +49 (911) 539909 - 0
>> E-Mail: andreas.foerthner at netlogix.de
>> Website: media.netlogix.de
>>
>>
>> --
>> netlogix GmbH& Co. KG
>> IT-Services | IT-Training | Media
>> Andernacher Straße 53 | 90411 Nürnberg
>> Telefon: +49 (911) 539909 - 0 | Fax: +49 (911) 539909 - 99
>> E-Mail: info at netlogix.de | Internet: http://www.netlogix.de
>>
>> netlogix GmbH& Co. KG ist eingetragen am Amtsgericht Nürnberg (HRA
>>13338)
>> Persönlich haftende Gesellschafterin: netlogix Verwaltungs GmbH (HRB
>>20634)
>> Umsatzsteuer-Identifikationsnummer: DE 233472254
>> Geschäftsführer: Stefan Buchta, Matthias Schmidt
>>
>>
>>
>>
Andreas Förthner
Leiter Web-Entwicklung
Telefon: +49 (911) 539909 - 0
E-Mail: andreas.foerthner at netlogix.de
Website: media.netlogix.de
_______________________________________________
>>> FLOW3-general mailing list
>>> FLOW3-general at lists.typo3.org
>>> http://lists.typo3.org/cgi-bin/mailman/listinfo/flow3-general
>>
>
>_______________________________________________
>FLOW3-general mailing list
>FLOW3-general at lists.typo3.org
>http://lists.typo3.org/cgi-bin/mailman/listinfo/flow3-general
More information about the FLOW3-general
mailing list