Posted by Korchkidu on October 3, 2009 at 3:42pm
Jump to:
| Project: | Ubercart Marketplace |
| Version: | 6.x-1.x-dev |
| Component: | Code |
| Category: | feature request |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | closed (works as designed) |
Issue Summary
Hi,
When a user uploads a file when creating a file product, it is first moved to the Drupal file directory. After the form submission, it then moved to a "private" directory for security reasons. But before the user actually submit the form, it is publicly available, no? If yes, I there a simple way to force uploading the file in the private final directory directly?
Best regards.
K.
Comments
#1
It is temporarily available publicly, but per the recommendation (hopefully noted somewhere in docs), if you make the filefield upload directory some very long randomly named subdirectory of /files, you get relatively good security (because no one will be able to guess the subdirectory name).
#2
See Turgrid's post. This is basically how Ubercart does it. If you can think of a better way, post the idea as a feature request, and I will be happy to add it to the code.