Support » Plugin: Page Security & Membership » [Plugin: Page Security by Contexture] What about secure file attachments?

  • sanderbontje

    (@sanderbontje)


    Just checking out if this plugin could be a solution for our community site. We have a private section that only a group of specific registered users can access. Some pages could contain file uploads that have been inserted by use of the WordPress editor’s Media Picker. Like notes from meetings that should not be shared with anyone else. I understand that the page itself can be protected by this plugin just fine.

    But what about the uploaded files? If someone had the direct link to such a file, would that file be world readable or will it be protected by this plugin through some .htaccess magic like Role Scoper claims to do?

    Just curious!

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Matt van Andel

    (@veraxus)

    Funny thing, we talked about adding this kind of functionality internally at great length just last week… although our primary concern was office documents.

    So here’s my thoughts on this functionality, in raw brain-dump form:

    Technically speaking, this is definitely doable and certainly would require some htaccess magic. WordPress stores all uploaded files in /wp-content/uploads/ so you would add/modify the htaccess file there to serve up a page that can check permissions any time one of a certain type of file is requested (pdf, doc, docx, etc). Assuming the permissions check passes, you would then serve up the originally requested file. The permissions themselves would need to be set from WordPress’s media management screen, the same way permissions are set for posts right now.

    Difficulty wise, this kind of feature is 5/10… but it’s not on the release roadmap yet for one reason: ultimately, we decided to use Google Apps and integrate with the Google Docs API instead – as this allows us to use all those awesome collaboration features too.

    Now the API stuff won’t be in PSC as it’s WAY WAY out of scope, but we may pluginize it in the future as the existing Google Docs WP plugins are old, abandoned, pieces of broken junk.

    That said, the ultimate goal of PSC is to offer intuitive, functional, reliable protection options for EVERYTHING. This includes taxonomies, media, commenting, and everything in between. But it’s still just a free-time project – albeit one we add to every time we need a new feature ourselves… so there’s no telling when we’ll actually get around to it.

    Thread Starter sanderbontje

    (@sanderbontje)

    Hi Veraxus, thanks for the update and sharing your thoughts on this. Although it is not fitting our needs for now, I’ll keep a watch on this plugin!

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘[Plugin: Page Security by Contexture] What about secure file attachments?’ is closed to new replies.