I've just set up a new store running Commerce File 7.x-1.0 and I've added 2 test files. When I log out, those files are visible and downloadable by anyone that's not logged in. The files are set to to upload to "Private files". I'm also running Filefield Sources and on Product Variations I've selected "File attach from server directory" as I upload these files via an ftp program and then I select "File Attach" when I want to select the file that's in the "/file_attach" folder on my server as per documentation.
It's maybe helpful to mention that the path to the file that I'm viewing while I'm logged out is "mywebsite.com/system/files/07%20Wake%20Me%20Up_0.m4v" ...if that's of any help.
I've gone into my Product Display and hid "File" so the file doesn't display on the Product Display but would like to secure it the proper way...what am I doing wrong that anyone could download these files?
Thank you
Comment | File | Size | Author |
---|---|---|---|
#1 | Screen Shot 2013-12-09 at 10.12.42 PM.png | 30.15 KB | hmartens |
Screen Shot 2013-12-09 at 9.58.24 PM.png | 20.01 KB | hmartens |
Comments
Comment #1
hmartens CreditAttribution: hmartens commentedComment #2
bojanz CreditAttribution: bojanz commentedSounds like you misconfigured the private files, they are coming from the same directory as the regular files.
Comment #3
bojanz CreditAttribution: bojanz commented