Come together with the global Drupal community in Rotterdam, 28 Sept – 1 Oct 2026. Sessions, contribution, connection, and Early Bird savings until 8 June.
By colinjones on
I'm pulling my hair out! For some reason, before I log into my site (ie anonymous) my front page (which is a Views view) shows all my Upload Module files.
The view has several of the node's CCK fields, plus the file uploaded linked to the actual file. All the other fields are correctly invisible to anonymous, but the file names actually come up and link to the file, and the file content is accessible!
Even though under Permissions the anonymous user doesn't have ANY boxes ticked, most especially not the Upload Module:View Uploaded Files permission....
Can someone please point me in the right direction??
Comments
public vs. private
you'll have to set your file system to private at /admin/settings/file-system if you don't want anonymous users to see your files. part of that will also be creating a file directory above your web-accessible directories.
any files you've already created will have to be re-uploaded or shuffled around; switching between private and public files after the site has been created is sort of tricky. are you still in development?
you might also consider using http://drupal.org/project/filefield instead of core upload.
_
Be careful with the 'private' file system setting-- it has some undesirable consequences (including performance degradation). Much better to protect one or more directories where you're files are located. See http://drupal.org/node/189239 or some of the modules in the downloads area that address this. And this has been fixed in d7-- filefield fields can be public or private.
Thanks guys, I will look into
Thanks guys, I will look into these options!