[support] File system out of root
Mark Shropshire
mdshrops at shropnet.com
Wed Mar 19 13:38:38 UTC 2008
Good point Ivan.. Thanks!
Do you happen to know what to put into .htaccess to make this happen
so I can keep in my notes?
Also.. I think there was a summer of code project to allow private and
public files simultaneously. I haven't tried the module, but that
would be nice so you don't have to stream every image just because you
need a few files protected.
On Mar 19, 2008, at 9:36 AM, Ivan Sergio Borgonovo wrote:
> On Wed, 19 Mar 2008 09:21:43 -0400
> Mark Shropshire <mdshrops at shropnet.com> wrote:
>
>> Walter,
>>
>> I would love to hear more form others as I have a number of sites
>> set to private where the folder is above the root web and I need
>> to convert back to public with files in sites/default/files.
>>
>> Anyway, I do know that it is a good idea to make sure the files
>> folder is about the root web our out of there when using private
>> files setting. If you don't, someone who knows the correct file
>> name can go directly to the file. If a private file is called via a
>> drupal node, drupal will only stream the file out to the client if
>> they have the proper permissions.
>
> It is not "the solution" but it works. You just have to add
> an .htaccess that deny all direct access.
>
> --
> Ivan Sergio Borgonovo
> http://www.webthatworks.it
>
> --
> [ Drupal support list | http://lists.drupal.org/ ]
More information about the support
mailing list