prevent direct access to files

  • Resolved coffeeandmore23

    (@coffeeandmore23)


    4 years, 2 months ago

    Hi!

    I wonder how to protect the uploaded file from downloads? Is there a function within the plugin that I haven’t seen yet?

    It should be possible to prevent the direct access of the media file via the link, because no foundry wants their fonts to be downloaded, right?

    Is there a plugin you recommend?

    Thanks!

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author kontur

    (@kontur)

    4 years, 2 months ago

    Hey there!

    There really is no absolutely feasible way to protect the web fonts, since they are sent to the browser for rendering. I can recommend using it the python library fonttools (and it’s pyftsubset terminal command) or fontsquirrel to make subsets of the font, that require only those characters you wish to include in the tester.

    One feature that has been requested before and which I hope to add to the plugin at some point would be hiding the physical file paths. Note, however, that this still does not prevent someone from accessing the files — it just would make it a little more obfuscated.

    You have to think of woff files like jpgs or pngs — you need to send them to the browser in order to render them; which also means that they can technically be downloaded to the computer.

    I hope this helps explain the status quo 🙂

    Thread Starter coffeeandmore23

    (@coffeeandmore23)

    4 years, 2 months ago

    Hi kontur,

    thank you for your answer – the feature that helps to hide the path sounds good, but as you said, it doesn’t really solve the issue.

    I tried to use this plugin: https://preventdirectaccess.com/features/
    Please take a look! It does exactly what I like, but it seems like it isn’t working with font sampler.

    It seems like font sampler also can’t access the file, right? Could you provide a way that works?

    In the “prevent direct access access” plugin you can generate private URLs, that actually have access – so it would be imaginable, that one could edit the path in font sampler and insert the private URL, right?

    Unfortunately at the moment, I cannot edit the path, as it is generated when uploading the font to the media library…

    Plugin Author kontur

    (@kontur)

    4 years, 2 months ago

    Hey,

    thanks, this looks like an interesting plugin, but we are talking about different things.

    Since the Fontsampler preview works with actual webfont files, those files need to be sent to the browser to render the fonts. To come back to my analogy with images, just like you can right-click and save any image on any website, you can also (a bit less conveniently) download any webfont rendered in the browser.

    If you would use a plugin like the above to restrict access to the webfont files, people could not view them in their browser either. Viewing the webfont is equal to downloading the webfont. This is the nature of woff webfonts, not a limitation of my Plugin, I am afraid 🙂

    That said, a hiding of the file paths themselves might be a feature to add in the future, but that yields very little actual protection.

    Plugin Author kontur

    (@kontur)

    4 years, 2 months ago

    I’ve implemented an option to proxy the physical file paths in 0.4.5 which was just released. For now, that is the best that can be done 🙂

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘prevent direct access to files’ is closed to new replies.