[Flow] Best practice for secure downloads
Lorenz Ulrich
lorenz-typo3 at visol.ch
Thu Oct 3 14:56:15 CEST 2013
Hi there
We are running a Flow application as an Intranet. One of the main parts
is document management; our staff needs be to able to search and
download internal documents.
For documents we are using an own model that has a relation to a Flow
resource that is published. Since it is published, the download link
exposes the public URL making it possible to download a file even if
someone is not authenticated.
In the Flow guide I read the following:
---
Security for files aka secure downloads
add publishing configuration to resource objects
publishing in subfolder named like session id
optimization with role subdirs -> only publish once for a role
server specific restriction publishing like .htaccess files for apache
---
Is this still considered best practice? Does anyone have a working
implementation of such a feature that could be shared as Gist (or similar)?
Thanks and best regards,
Lorenz
More information about the Flow
mailing list