[support] File system out of root
Ivan Sergio Borgonovo
mail at webthatworks.it
Wed Mar 19 13:36:13 UTC 2008
On Wed, 19 Mar 2008 09:21:43 -0400
Mark Shropshire <mdshrops at shropnet.com> wrote:
> Walter,
>
> I would love to hear more form others as I have a number of sites
> set to private where the folder is above the root web and I need
> to convert back to public with files in sites/default/files.
>
> Anyway, I do know that it is a good idea to make sure the files
> folder is about the root web our out of there when using private
> files setting. If you don't, someone who knows the correct file
> name can go directly to the file. If a private file is called via a
> drupal node, drupal will only stream the file out to the client if
> they have the proper permissions.
It is not "the solution" but it works. You just have to add
an .htaccess that deny all direct access.
--
Ivan Sergio Borgonovo
http://www.webthatworks.it
More information about the support
mailing list