One of my customers have a media archive with lots of documents that their members can download.
The problem is that the members should only have access (front-end) to THEIR documents. My customer is worried that the member could easily change the url and find another members document.
Do anyone have a good solution to solve this?
I was thinking of encrypting the url and decrypting it on request but im not sure if this is the easiest/best way.
Vasi, It will be hard to maintain that kind of solution backen when the folders are named by a GUID :) and also the url to the media item has nothing to do with the folder name.
Richard, looking at the screenshot I thought that this was only for back end used but i must have misundestood it :)
Usually you assign a member or group indeed. But you want every member being able to download? It's possible using the event system but then you miss the power of the API functionality to check if a user has access before displaying a link.
What might be better is to create a default group and add every member to that group via the cmsMember2MemberGroup database table and then allow that default group to download the documents?
Every member has a folder in the media archive and only that member should have access to that folder.
The customer is worried that another member could just change a number in the media url and be able to find other members document.
So in that case I suppose I have to create a group to each member?
Protect media url
Hi!
One of my customers have a media archive with lots of documents that their members can download.
The problem is that the members should only have access (front-end) to THEIR documents.
My customer is worried that the member could easily change the url and find another members document.
Do anyone have a good solution to solve this?
I was thinking of encrypting the url and decrypting it on request but im not sure if this is the easiest/best way.
HI Froad,
Create folders for each member by using a GUID which will be hard to guess.
Hence only the member who has the link for the file/folder will be able to access it, since GUIDs are hard to guess.
Though this many not be a full fledged solution, but by this we can add some amount of security to the files/folders
Hope this helps.
Regards
Vasi
Hi,
I wrote a package for this Media protect. It allows you to protect your media items in the same simple way you protect documents in Umbraco.
You can protect documents per member or role. More info and download on http://our.umbraco.org/projects/website-utilities/media-protect
Hope this helps,
Richard
Txh for your tips!
Vasi, It will be hard to maintain that kind of solution backen when the folders are named by a GUID :) and also the url to the media item has nothing to do with the folder name.
Richard, looking at the screenshot I thought that this was only for back end used but i must have misundestood it :)
I'll give it a go!
Thanks, please let me know if you have any questions and I should do my marketing better ;-)
Richard, you wrote that it can be protected by member or by role, but its not possible to assign existing members if their not in a member group?
I have around 200 members and they are not in a unique member group. Do I have to create a member group per each member then?
Usually you assign a member or group indeed. But you want every member being able to download? It's possible using the event system but then you miss the power of the API functionality to check if a user has access before displaying a link.
What might be better is to create a default group and add every member to that group via the cmsMember2MemberGroup database table and then allow that default group to download the documents?
Every member has a folder in the media archive and only that member should have access to that folder. The customer is worried that another member could just change a number in the media url and be able to find other members document. So in that case I suppose I have to create a group to each member?
Oh no you can assign the username then. Check page 8 http://soetemansoftware.nl/media/5120/mediaprotect-manual.pdf When yopu map an existing user you don't need a password. Does that make sense?
Perfect! Just what I was looking for :)
Maybe you should clearify that you could use an existing member they way you described it to me :)
It's on the list, was thinking the same when I did the suggestion.
is working on a reply...