18 Nov
2007
18 Nov
'07
9 p.m.
Hmmm. This seems really ugly. I want to have a members-only section, where I can upload private files as attachments to stories. The nodeaccess module lets me restrict access to the story itself, but it looks like the file attachments would be wide open to any other customer of my web hosting service who can find the directory via the file manager (or shell access). Surely this is not good.
This is where .htaccess comes into its own perhaps.
You should be able to block access to the files directory and others you don't wish people to browse to.
Kelly