[TYPO3-english] problem with naw_securedl
Loek Hilgersom
loek at netcoop.nl
Tue Jun 11 10:59:31 CEST 2013
Hi Horace,
naw_securedl creates a link for each download with a hash which is valid for a
limited period of time. If you have the link, you can download the file until
the link expires. If you make sure only users who are logged in can get the
links, then only they can download the files. IIRC, you can set the expiration
time in the EM settings for the extension (look for the setting which is
cryptically called 'cachetimeadd').
Of course, if they would send the link to someone else by email, that person can
download the file (until the link expires), but they could also send them the
file itself....
Hth,
Loek
On 10-06-13 23:31, horace grant wrote:
> On Mon, Jun 10, 2013 at 11:00 PM, <jean-sebastien_gervais at ssss.gouv.qc.ca>wrote:
>
>> Greetings Horace,
>>
>> naw_sercuredl does restrict access to files (with proper apache configs)
>> to authentifacted users only, be it front end users or back end users.
>>
>
> yes, i know. but i can download the files even if i am not logged into the
> frontend or backend.
> what could be the reason for this?
>
> i have also added an .htaccess file into the "secured" directory but i
> guess this is only for preventing using the direct link to the file. i has
> nothing to do with the naw_securedl links?
>
> cheers,
> horace
>
>
More information about the TYPO3-english
mailing list