From: A-P. L. <and...@an...> - 2011-07-29 08:10:38
|
Hello I am just returning to refbase to experiment a bit with the latest version. I have a question, though. Is it possible to store user-uploaded files above the root of the web server (so that they will not be directly accessible except after a login or something similar)? >From what I understand, files are stored in a directory created inside the the main refbase home directory. This means that if anyone can guess the name of the file's URL, they will be able to be downloaded. If it is not possible to store the files above the root of the directory, is there some way of protecting them? Thanks for any help. Andrew Lian -- -- Professor Dr. Andrew Lian School of English Institute of Social Technology Suranaree University of Technology 111 University Avenue Muang District Nakhon Ratchasima, Thailand, 30000 Emeritus Professor , University of Canberra, Canberra, ACT, Australia Vice-President of AsiaCALL e-mail: and...@an...; website: http://www.andrewlian.com We don't see things as they are, we see things as we are. (Anaïs Nin) The universe is made up of stories, not atoms (Muriel Rukeyser) When you change the way you look at things, the things you look at change (Max Planck) |
From: Richard K. <kar...@gm...> - 2011-08-01 06:34:53
|
> Is it possible to store user-uploaded files above the root of the web server > (so that they will not be directly accessible except after a login or > something similar)? You can certainly limit access to the file upload directory (defined in initialize/ini.inc.php) using .htaccess or other approaches. > From what I understand, files are stored in a directory created inside the > the main refbase home directory. This means that if anyone can guess the > name of the file's URL, they will be able to be downloaded. You can use the <:randomNumber:> token to make them unguessable. --Rick |