[support] File system out of root
Mark Shropshire
mdshrops at shropnet.com
Wed Mar 19 15:03:44 UTC 2008
Ivan,
Thanks much. I will take your advise and think on it.
Mark
On Mar 19, 2008, at 10:57 AM, Ivan Sergio Borgonovo wrote:
> On Wed, 19 Mar 2008 09:38:38 -0400
> Mark Shropshire <mdshrops at shropnet.com> wrote:
>
>> Good point Ivan.. Thanks!
>
>> Do you happen to know what to put into .htaccess to make this
>> happen so I can keep in my notes?
>
> order allow,deny
> deny from all
>
> but then everything you put in files will be "private".
> That means that if you're publishing articles that contains pics,
> those pics will have to be served by PHP and by default there no way
> to allow access to some rule etc...
> You could surely place stuff through ftp in a different dir etc...
> but it is a bit of pain.
>
> You could:
> files (no .htaccess limits)
> files/private (.htaccess)
> +
> ftp
>
> you could write a "smarter" .htaccess that limit direct access to
> files with a certain pattern and instruct your users to upload node
> attachment following that rule. It would still be a PITA even if your
> users are willing to be instructed ;)
>
> There are modules that let you have private/public access:
> filemanager and private_upload
> I ended up coding my own solution due to my limited needs so I can't
> comment if the above may be up to the task, but they seemed the most
> promising.
>
> Maybe fckeditor (and others) can upload files in subdirs of files/.
> Be warned that such kind of toys may let people save files *below*
> your "root"... I think fckeditor has a strong enough reputation to
> avoid the problem... but I'd check the configuration of such kind of
> beasts before making any serious plan.
>
>
> --
> Ivan Sergio Borgonovo
> http://www.webthatworks.it
>
> --
> [ Drupal support list | http://lists.drupal.org/ ]
More information about the support
mailing list