Hi all, I have an app with a content type that allows file attachments. The content type is set to only allow users of a certain role to view these attachments, which works fine after the node has been saved (the file inherits the nodes permissions).
The way the drupal (6) upload module works however, is to load the file to the server and then only apply the node or role level permissions after the node is saved. This means that between the time the file is loaded to the server and the node is saved the file is completely unsecured, and my client is extremely security conscious. Does anyone have any suggestions for how to secure the file so it can't be accessed directly before the node is saved? (I've looked at the standard private upload option but the file is still only secured after the node is saved) Thanks, Paul -- NZ PHP Users Group: http://groups.google.com/group/nzphpug To post, send email to [email protected] To unsubscribe, send email to [email protected]
