As the title suggests, I'm just wondering whether the audio modules "download" links intentionally bypass the Drupal private file system?

I have my site setup using the Private file system, so that my content cannot simply be hotlinked from elsewhere, but I recently noticed that the audio module download links appear to disregard my Private file system choice, and allow other sites to hotlink my audio files?

Surely this should be an option, as I realize some people would want this to be allowed, but for those of us fighting content theft it makes things a little difficult.

Thoughts?

Comments

hexa’s picture

Yes it does and i don't like it either but we are welcome to fix it :-)
See here:
http://drupal.org/node/153522
and here:
http://drupal.org/node/149253

drewish’s picture

private files don't prevent hotlinking. they require that file access respect drupal's access permissions. the audio module respects the permissions. you can limit access by removing play or download permissions from anonymous users.

drewish’s picture

Status: Active » Closed (won't fix)

private files don't prevent hotlinking. they require that file access respect drupal's access permissions. the audio module respects the permissions. you can limit access by removing play or download permissions from anonymous users.

mediafrenzy’s picture

Hmmm interesting - I was not aware of that. I had always been under the impression that one of the primary uses of the private file system was to ensure only your own domain could serve file content (no matter what permissions were given). I guess I was wrong, apologies...