[wp-edu] protecting uploaded files from direct download (multisite)
Joseph Ugoretz
joseph.ugoretz at mhc.cuny.edu
Sat Aug 10 20:57:37 UTC 2013
Wow thanks! That does look promising.
Joseph Ugoretz, PhD
Associate Dean
Teaching, Learning and Technology
Macaulay Honors College
City University of New York
macaulay.cuny.edu<http://macaulay.cuny.edu>
On Aug 10, 2013, at 4:45 PM, "Daniel Bachhuber" <d at danielbachhuber.com<mailto:d at danielbachhuber.com>> wrote:
Hey Joseph,
You might want to check out Ben Balter's Document Revisions, which has support for storing files outside of the web root:
http://wordpress.org/plugins/wp-document-revisions/
Regards,
Daniel
On Sat, Aug 10, 2013 at 1:43 PM, Joseph Ugoretz <joseph.ugoretz at mhc.cuny.edu<mailto:joseph.ugoretz at mhc.cuny.edu>> wrote:
Has anyone found a good solution for this?
Here's the basic scenario. A class site wants to post links to class readings (as PDFs) for the students to download and read. The instructor has copyright permission (or fair use exemption) to copy and distribute these readings to the class--but not to share them with the whole wide internet.
So she uploads the files, puts the links on a separate page, and password-protects that page. Then she gives the password for that page to the class, so the students can all get the files.
So far, so good, but the problem is that even though the page is password-protected, the uploaded files are not. So anyone who has the direct link can download those files without knowing the password. And google does index the content of pdf files, so it's very possible, in fact likely, that someone googling (for example) the author's name or some terms in the document will come across that direct link.
I've tried as many of the .htaccess tricks for preventing this as I can find. This looked like the best guide http://perishablepress.com/creating-the-ultimate-htaccess-anti-hotlinking-strategy/ but I tried many others.
None of them seem to work at all for multisite. They don't stop the problem in any way.
If you've got a tip or trick, I'd love to hear about it! I'd be happy with a solution that would work for the enitre network...or just for specific sites. I'm OK with just about anything that will work!
Thanks!
Joe
--
Joseph Ugoretz, PhD
Associate Dean
Teaching, Learning and Technology
Macaulay Honors College
The City University of New York
35 West 67th St.
New York, New York 10023
TEL 212-729-2920<tel:212-729-2920>
FAX 212-580-8130<tel:212-580-8130>
macaulay.cuny.edu<http://macaulay.cuny.edu>
_______________________________________________
wp-edu mailing list
wp-edu at lists.automattic.com<mailto:wp-edu at lists.automattic.com>
http://lists.automattic.com/mailman/listinfo/wp-edu
_______________________________________________
wp-edu mailing list
wp-edu at lists.automattic.com<mailto:wp-edu at lists.automattic.com>
http://lists.automattic.com/mailman/listinfo/wp-edu
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.automattic.com/pipermail/wp-edu/attachments/20130810/c1ed8c36/attachment.html>
More information about the wp-edu
mailing list