• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Protect files from being downloaded via URLRewriteFilter / login filter?

 
Michael Cropper
Ranch Hand
Posts: 143
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Is there a way to protect files from being downloaded?

I have set up a login system so only people with a valid username/password can view the pages, but when I put the full URL of a particular file into the browser when logged out I can still download the file.

Since Google is extremely good at getting its hands on material that it shouldn't, I don't want this to be possible.

The login filter I have set up is for anything within the directory "/secure/" - which is where I have put the documents, although they are still accessible directly.

Has anyone had any experience of this?

Thanks
Michael
 
Paul Clapham
Sheriff
Posts: 21416
33
Eclipse IDE Firefox Browser MySQL Database
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I had to fix my servlet filter so that it DID allow users who weren't logged in to download images and CSS and things like that. So it shouldn't be difficult to write a filter which doesn't allow users who aren't logged in to download files.
 
Michael Cropper
Ranch Hand
Posts: 143
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Looks like I was being a little impatient :-) The filter I have in place actually already does what I need. Must have been Chrome lagging a little when I was testing this

Michael
 
Paul Clapham
Sheriff
Posts: 21416
33
Eclipse IDE Firefox Browser MySQL Database
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Alrighty then! I quite often forget to do the right set of things to refresh my test server after I make changes, too.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic