https?
On 12 April 2011 21:33, Paul Bennett <[email protected]> wrote: > Hi all, > I have an app with a content type that allows file attachments. The content > type is set to only allow users of a certain role to view these attachments, > which works fine after the node has been saved (the file inherits the nodes > permissions). > The way the drupal (6) upload module works however, is to load the file to > the server and then only apply the node or role level permissions after the > node is saved. > This means that between the time the file is loaded to the server and the > node is saved the file is completely unsecured, and my client is extremely > security conscious. > Does anyone have any suggestions for how to secure the file so it can't be > accessed directly before the node is saved? > (I've looked at the standard private upload option but the file is still > only secured after the node is saved) > Thanks, > Paul > > -- > NZ PHP Users Group: http://groups.google.com/group/nzphpug > To post, send email to [email protected] > To unsubscribe, send email to > [email protected] -- NZ PHP Users Group: http://groups.google.com/group/nzphpug To post, send email to [email protected] To unsubscribe, send email to [email protected]
