Files and access control
A bit of confusion here:
1.) If files are 'public', they are stored under the Drupal document root and access can be controlled by the access settings based on roles. However, if people know the direct URL to the file, they can circumvent the access settings. Is this right?
2.) If files are 'private', they are slightly more secure than 'public' and can also be controlled by access settings. They CANNOT be accessed by the direct URL. Is this right?
3.) If I move the 'files' folder above/to a different place from web root/Drupal document root, they are much more secure and it doesn't really matter if I set it to public or private. Access to them can still be defined via access control settings based on roles and direct URLs won't work. Is this correct?
In case of 3, I should add a slash before 'files' in the file system path field in admin/settings. Is this correct?

If files are public:
Web directory: /public_html
Files directory: /public_html/files
Drupal setting for folder: files or /public_html/files

Web directory: /public_html
Files directory: /public_html/files
Drupal setting for folder: files or /public_html/files

Web directory: /public_html
Files directory: /files
Drupal setting for folder: ../files or /files
--------------------------------------------------------------
http://erdemkose.com/
But this won't work
Hi,
I've set the handling to 'private' and my 'files' directory is outside the 'web' directory:
web directory: /web/drupal
files directory: /web/files
Drupal setting for folder: ../files or /files
I've created a simple site with a flash mp3 player which is located in /drupal/player. The file to play with it comes from a subdirectory of /files.
When I click on play in the player it tries to load the track but can't do this.
Is it possible to control this via the filerequest module?
Regards,
brick1
What is the path of the file
What is the path of the file that flash player is trying to play? It should be something like
http://example.com/system/files/my_filename.mp3 (clean URLs ON)
or
http://example.com/?q=system/files/my_filename.mp3 (clean URLs OFF)
or
http://example.com/index.php?q=system/files/my_filename.mp3 (non-Apache).
And one more thing: your flash player is an anonymous user for Drupal. You should give correct permissions to Anonymous Role.
--------------------------------------------------------------
http://erdemkose.com/
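Added example, not part of the thread and not Drupal's own code: a small check that takes the directory layouts and URL forms quoted above and reports whether a file is also reachable by a direct web-server URL that skips Drupal's role checks. The function names, the rule that a relative setting is resolved from the web directory, and the assumption that no server rule denies access below the web directory are all assumptions of this example.

```python
import posixpath

BASE = "http://example.com"  # placeholder host, as in the thread

def resolve_files_dir(web_dir, setting):
    """Turn the folder setting into an absolute directory.
    Assumption: relative values are resolved from the web directory."""
    return posixpath.normpath(posixpath.join(web_dir, setting))

def direct_url(web_dir, files_dir, name):
    """URL at which the web server itself would serve the file, bypassing
    Drupal's role checks, or None when files_dir is outside the web directory.
    Assumption: no server rule denies access below the web directory."""
    root = posixpath.normpath(web_dir)
    # Compare whole path components so /public_html_old is not taken for /public_html.
    if posixpath.commonpath([root, files_dir]) != root:
        return None
    return BASE + "/" + posixpath.relpath(posixpath.join(files_dir, name), root)

def drupal_url(name, mode="clean"):
    """The three system/files forms listed above; these requests go through Drupal."""
    prefix = {"clean": "/", "query": "/?q=", "index": "/index.php?q="}[mode]
    return BASE + prefix + "system/files/" + name

def audit(web_dir, setting, name):
    """Summarise one layout: resolved directory, direct URL (if any), Drupal URL."""
    files_dir = resolve_files_dir(web_dir, setting)
    return {"files_dir": files_dir,
            "direct": direct_url(web_dir, files_dir, name),
            "via_drupal": drupal_url(name)}

if __name__ == "__main__":
    # Layouts taken from the thread; the file name is the thread's example name.
    for web_dir, setting in [("/public_html", "files"),
                             ("/public_html", "../files"),
                             ("/web/drupal", "../files")]:
        print(web_dir, setting, audit(web_dir, setting, "my_filename.mp3"))
```

A layout whose "direct" value is None can only be fetched through the system/files path, which is where the role-based permissions apply.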
The path..
... in the player is:
/files/file.mp3.
I've also tried the path you described but it doesn't help.
This is the permission for the 'anonymous' user:
node module
access content [x]
When I uncheck this, anonymous users can't access any content of the site...
The Anonymous role is write-protected so I can't give it another permission. :/
Regards,
brick1
//edit:
for a better understanding, here is the player code for the site:
<script type="text/javascript" src="playerMiniPackage/swfobject.js"></script>
<div id="flashPlayer">
Player grade ausser Betrieb.
</div>
<script type="text/javascript">
var so = new SWFObject("playerMiniPackage/playerMini.swf", "mymovie", "75", "30", "7", "#FFFFFF");
so.addVariable("autoPlay", "no");
so.addVariable("soundPath", "http://www.domain.tld/system/files/file.mp3"); // <== Example path
so.write("flashPlayer");
</script>
Huiii
It seems that my problem is solved. :)
Now the player can access the files outside the webroot but a direct download via browser is not possible.
It was a bit tricky, but solvable with the 'filerequest' module, which fixes some confusing actions in the Drupal private file behavior method.
After correcting the 'valid host' path, everything works fine.
And at last:
Mr. erdemkose...
Many thanks for the advice with the URL and the explanation of the files handling behavior.
Kind Regards,
brick1
Damn..
...worked only for a short time and only for me... Others can't see the player or listen to sounds...
If anyone has another idea, let me know.
brick1
Hi, thanks for answering. I
Hi, thanks for answering. I still have some questions, but not the time to put them here. A little later perhaps :-)