[wp-edu] protecting uploaded files from direct download (multisite)

Grant Swaim grant.swaim at gmail.com
Sat Aug 10 21:22:24 UTC 2013


Joseph,

Protecting the link on a page is a common problem in membership solutions.
The best way to so this is to use a plugin that generates an expiring URL
and pulls the files from Amazon's S3 service <http://aws.amazon.com/> . S3
is really cheap and the plugins are relatively cheap. There are a lot of
them on the market; however, I would use S3 Media
Maestro<http://www.s3mediamaestro.com/>($27 for a single site)

Also note you can deliver, and protect audio and video with these plugins
(players are built-in).

Grant


On Sat, Aug 10, 2013 at 4:57 PM, Joseph Ugoretz <joseph.ugoretz at mhc.cuny.edu
> wrote:

>  Wow thanks! That does look promising.
>
>
>  Joseph Ugoretz, PhD
> Associate Dean
> Teaching, Learning and Technology
> Macaulay Honors College
> City University of New York
> macaulay.cuny.edu
>
> On Aug 10, 2013, at 4:45 PM, "Daniel Bachhuber" <d at danielbachhuber.com>
> wrote:
>
>   Hey Joseph,
>
>  You might want to check out Ben Balter's Document Revisions, which has
> support for storing files outside of the web root:
>
>  http://wordpress.org/plugins/wp-document-revisions/
>
>  Regards,
>
>  Daniel
>
>
> On Sat, Aug 10, 2013 at 1:43 PM, Joseph Ugoretz <
> joseph.ugoretz at mhc.cuny.edu> wrote:
>
>> Has anyone found a good solution for this?
>>
>> Here's the basic scenario.  A class site wants to post links to class
>> readings (as PDFs) for the students to download and read.  The instructor
>> has copyright permission (or fair use exemption) to copy and distribute
>> these readings to the class--but not to share them with the whole wide
>> internet.
>>
>> So she uploads the files, puts the links on a separate page, and
>> password-protects that page.  Then she gives the password for that page to
>> the class, so the students can all get the files.
>>
>> So far, so good, but the problem is that even though the page is
>> password-protected, the uploaded files are not.  So anyone who has the
>> direct link can download those files without knowing the password. And
>> google does index the content of pdf files, so it's very possible, in fact
>> likely, that someone googling (for example) the author's name or some terms
>> in the document will come across that direct link.
>>
>> I've tried as many of the .htaccess tricks for preventing this as I can
>> find.  This looked like the best guide
>> http://perishablepress.com/creating-the-ultimate-htaccess-anti-hotlinking-strategy/but I tried many others.
>>
>> None of them seem to work at all for multisite.  They don't stop the
>> problem in any way.
>>
>> If you've got a tip or trick, I'd love to hear about it!  I'd be happy
>> with a solution that would work for the enitre network...or just for
>> specific sites.  I'm OK with just about anything that will work!
>>
>> Thanks!
>>
>> Joe
>>
>>
>>
>> --
>> Joseph Ugoretz, PhD
>> Associate Dean
>> Teaching, Learning and Technology
>> Macaulay Honors College
>> The City University of New York
>> 35 West 67th St.
>> New York, New York 10023
>> TEL 212-729-2920
>> FAX 212-580-8130
>> macaulay.cuny.edu
>>
>> _______________________________________________
>> wp-edu mailing list
>> wp-edu at lists.automattic.com
>> http://lists.automattic.com/mailman/listinfo/wp-edu
>>
>
>   _______________________________________________
> wp-edu mailing list
> wp-edu at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-edu
>
>
> _______________________________________________
> wp-edu mailing list
> wp-edu at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-edu
>
>


-- 
Grant Swaim
Site Admin
http://digitalliteracyproject.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.automattic.com/pipermail/wp-edu/attachments/20130810/7669de1d/attachment-0001.html>


More information about the wp-edu mailing list