Closed (fixed)
Project: Taxonomy Access Control Lite
Version: 4.7.x-1.x-dev
Component: Code
Priority: Normal
Category: Feature request
Assigned: Unassigned
Reporter:
Created: 9 Jun 2006 at 18:25 UTC
Updated: 18 May 2010 at 13:22 UTC
There's no restriction on files added to those nodes that are protected.
If I create a taxonomy that is available only for registered users and create a node under that category and add a file using the upload.module, the uploaded file is available for anonymous users.
Is there a way for Tac_lite to prevent that?
If the answer is that it's not possible (hope not), any idea of how I can do that?
Thanks in advance!!!!!!!
Rosamunda
Comments
Comment #1
Rosamunda commented
... maybe this could work with the upload module...
Comment #2
Dave Cohen commented
Remember that to have Drupal enforce any sort of control over file downloads, you have to set the file handling to 'private' under admin/settings.
Beyond that, upload.module has a very simple permission scheme. Either you have permission to download all files, or none. There's nothing tac_lite can do about that. Submit a feature request to the upload module.
-Dave
Comment #3
silurius commented
I just came to the same realization as I was setting this up. My customer needs to sell members unique files, each tailored specifically for a specific user. With Search turned off, and with links to the tac_lite-secured node being sent directly to the users, how easy would it be for an anonymous user to locate files they are not supposed to be privy to?
Comment #4
silurius commented
With Search turned off, and with links to the tac_lite-secured node being sent directly to the users, how easy would it be for an anonymous user to locate files they are not supposed to be privy to?
I just realized that with fairly unique file names, there probably is no simple way for folks to locate files in this scenario, without actually knowing the file name. Is this true or am I missing something? If it is true, does anyone know of a nice freebie for creating a unique alpha-numeric code, which I might consider using in my filenames?
Comment #5
Rosamunda commented
Both of you are right.
It is not something that tac_lite should care about, it is for some sort of upload/attachment/filemanager module.
[Replying to silurius]: I think the principal security issue is that somebody can get the file through Google...
But I've found that attachment module can handle this :-)
Thanks!
Rosamunda
Comment #6
Dave Cohen commented
If you show a link to the file only to users with permission, then Google would theoretically not index the file.
However, if you rely on an obscure URL for file security, nothing prevents a user with permission from emailing the URL to all his friends. Not a good idea.
Drupal's default file handling comes up short for many people. And there are many threads out there discussing alternatives.
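An added example, not part of the thread and not code from tac_lite or upload.module: one way a small custom module could tie downloads of attached files to the access rules of the node they belong to, instead of relying on an obscure URL. The module name nodefile_access is hypothetical, and the sketch assumes Drupal 4.7-era APIs (hook_file_download(), a {files} table with nid and filepath columns) with file handling set to 'private'.

```php
<?php
// Hypothetical module "nodefile_access" (the name is an assumption).
// With public file handling the web server serves files directly and this
// hook never runs, so the 'private' setting is a precondition.

/**
 * Implementation of hook_file_download().
 *
 * Returns -1 to deny the download, or NULL to leave the decision
 * (and the response headers) to other modules such as upload.module.
 */
function nodefile_access_file_download($file) {
  // Map the requested path to the stored path (assumed to match how
  // upload.module records filepath in the {files} table).
  $filepath = file_create_path($file);
  $result = db_query("SELECT f.nid FROM {files} f WHERE f.filepath = '%s'", $filepath);
  $row = db_fetch_object($result);

  if (!$row) {
    // Not a file attached to a node: not ours to judge.
    return NULL;
  }

  $node = node_load($row->nid);

  // node_access() applies the same grants that hide the node itself,
  // including those supplied by access modules such as tac_lite.
  // A missing node is treated as a denial rather than an open file.
  if (!$node || !node_access('view', $node)) {
    return -1;
  }

  // Viewer may see the node. Return NULL so upload.module still applies
  // its own download permission and sends the headers.
  return NULL;
}
```

Because Drupal denies the request if any module returns -1, this check only narrows access: a user who can view the node still needs upload.module's download permission, and a forwarded file URL fails for anyone who cannot view the node.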
Comment #7
(not verified) commented
Comment #8
guillaumeduveau
Subscribe