I'm on a cPanel / Red Hat Linux Box.

I am looking to sell content on my site, and in order to do this I want to make sure that people are not able to directly access files on my server unless they have paid (e.g. domain.com/files/thefile.jpg).

I was thinking the way to do this would be to have my main public files directory that displays previews of files and this type of thing, and then I would have a secure folder that holds all the content for sale. The file names in here would be something like F8j2Z298gajFG31j8gaG!GJAg8asdfj21AKJj8zxcjqo324JGJA.jpg. You would only know this file URL if you had paid for the content under your user account.

The problem with this method is that technically somebody could still guess a filename, or once they buy it tell a friend what the name of the file is.

Is there any way to CHMOD files based on UIDs or any other type of technique that will fully accomplish this task?

The best thing to do would be to disallow every file except the purchased files for a certain UID. I just don't think this type of thing is possible, or is it?

Thanks!

Comments

mike stewart’s picture

settings/file-system Download Method accomplishes this. Put your files in a directory that is not accessible under the root of your website, then tell Drupal the path (e.g. a parent or sibling folder of your Drupal install, not a child folder, which is the default). I've heard there are a few holes in it, but look around drupal.org... for the most part, what you are asking for has been accomplished.

In other words, you don't need to change file server security based on user. Let Drupal handle the security.
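
The approach from the reply above, as an added example that is not part of the thread and is not Drupal's own code: files sit in a directory outside the web root, and a handler checks the logged-in account's purchases before returning a file. The function name, the purchases table, the user ids and the file names are assumptions made for illustration.

```python
import tempfile
from pathlib import Path

# Constructed sample data: which user ids have paid for which files.
PURCHASES = {101: {"sunset.jpg"}, 102: set()}


def authorize_download(user_id, requested, private_root, purchases=PURCHASES):
    """Return the real path of a purchased file, or raise PermissionError.

    private_root is a directory outside the web root, so the web server
    never serves it by URL; every download goes through this check.
    """
    root = Path(private_root).resolve()
    target = (root / requested).resolve()
    # Reject names such as "../../etc/passwd" that leave the private store.
    if target.parent != root:
        raise PermissionError("path escapes private store")
    # The decision depends on the logged-in account, not on knowing a name,
    # so a guessed or shared file name is useless without the purchase.
    if target.name not in purchases.get(user_id, set()):
        raise PermissionError("file not purchased by this account")
    if not target.is_file():
        raise FileNotFoundError(requested)
    return target


def demo():
    """Build a throwaway private store and exercise the check."""
    with tempfile.TemporaryDirectory() as tmp:
        store = Path(tmp) / "private_files"  # stands in for a folder above the web root
        store.mkdir()
        (store / "sunset.jpg").write_bytes(b"constructed image bytes")
        cases = [("buyer", 101, "sunset.jpg"),
                 ("friend_with_name", 102, "sunset.jpg"),
                 ("anonymous", None, "sunset.jpg"),
                 ("traversal", 101, "../private_files/../../etc/passwd")]
        results = {}
        for label, uid, name in cases:
            try:
                authorize_download(uid, name, store)
                results[label] = "allowed"
            except (PermissionError, FileNotFoundError) as exc:
                results[label] = f"denied: {exc}"
        return results


if __name__ == "__main__":
    for who, outcome in demo().items():
        print(who, "->", outcome)
```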