[Flow] Best practice for secure downloads
Lorenz Ulrich
lorenz-typo3 at visol.ch
Tue Oct 8 18:48:59 CEST 2013
Hello everyone
I created a Gist with the current state of my (now working) implementation:
https://gist.github.com/phluzern/6887641
Thanks to Adrian Föder for his help.
Does anyone know if it's possible to use different resource
configuration for different resource objects?
Best regards,
Lorenz
Am 03.10.2013 14:56, schrieb Lorenz Ulrich:
> Hi there
>
> We are running a Flow application as an Intranet. One of the main parts
> is document management; our staff needs be to able to search and
> download internal documents.
>
> For documents we are using an own model that has a relation to a Flow
> resource that is published. Since it is published, the download link
> exposes the public URL making it possible to download a file even if
> someone is not authenticated.
>
> In the Flow guide I read the following:
>
> ---
> Security for files aka secure downloads
>
> add publishing configuration to resource objects
> publishing in subfolder named like session id
> optimization with role subdirs -> only publish once for a role
> server specific restriction publishing like .htaccess files for apache
> ---
>
> Is this still considered best practice? Does anyone have a working
> implementation of such a feature that could be shared as Gist (or similar)?
>
> Thanks and best regards,
>
> Lorenz
>
More information about the Flow
mailing list