Extension Key: naw_securedl
Copyright 2006, Dietrich Heise, <typo3-ext(at)naw.info>
This document is published under the Open Content License
available from http://www.opencontent.org/opl.shtml
The content of this document is related to TYPO3
- a GNU/GPL CMS/Framework available from www.typo3.com
In TYPO3, assets like PDFs, TGZs or JPGs etc. are normally just referenced by a URL e.g. to “fileadmin/...”. The file itself is delivered directly by the web server, and is therefore not part of the TYPO3 access control scheme – files remain unprotected, since URLs can be re-used, emailed, Google-included or even guessed.
The “naw Secure Download” extension (“naw_securedl”) changes this behavior: Files will now be accessed through a “secure.php” script that honors TYPO3 access rights.
This works regardless of where the files come from, is not limited to special plugins etc.
Since in most cases you will not want to protect everything (which means that everything undergoes rather performance-consuming access right checking), naw Secure Download is highly configurable. You may choose:
what directories to protect (e.g. you can include typo3temp or not,)
what file types to protect (do you want to protect JPGs or not? etc.)
what domains are considered local
As a complementary measure, you will of course need to configure your web server not to deliver these things directly (e.g. using .htaccess settings).
