Jump to content

Encrypt assest file

deepentim

By deepentim,
in Security

 Share

Recommended Posts

LostKobrakai Hero Member

LostKobrakai

Posted
Posted

There's FieldtypeSecureFile, which allows you to store files off the webserver root directory and therefore denying direct access to the file. You can then serve the file through your php code, which can check your rules for allowing access to it, before sending anything. I just want to emphasis, that this will need good configuration of the webserver and returned header data, otherwise you'll considerable increase the load on your webserver as content served this way is essentially not server-side cacheable as well as loading php for static files does need more computation. Client side caching can work, but depends on how fast you want to be able to revoke access again. 

I'll just add this part, because you didn't add a specific intend in your post: You shouldn't and really can't encrypt / hide content for unauthenticated users. If it needs to be publicly readable / accessable on your website then it's public no matter what you do. As long as the browser needs to have unauthenticated access everyone else has access, too.

  • Like 3
Link to comment
Share on other sites
Martijn Geerts Hero Member

Martijn Geerts

Posted
Posted

Maybe it's possible with Javascript to disable the inspector. Or with some hacky script the disables the rendering of the rendered source. Maybe you could disable the context click to the inspector. All the things you try, would be hacky. But you can't insure the the user can't see the source. Then there's always the raw source that you can get from the browser. This is just the nature of webbrowsers and has nothing to do with CMS.

You can prevent hotlinking on the other side.

Link to comment
Share on other sites
Wanze Hero Member

Wanze

Posted
Posted

I mean to say, I wanna compile assets of my websites so that when user inspects website, CSS files and images wont be shown from direct location. i.e path should be compiled like MD5.

And if the path is hashed, how should the browser find the CSS file? Can you please provide a link to a description of this feature from October CMS? 

  • Like 1
Link to comment
Share on other sites
teppo Hero Member

teppo

Posted
Posted

Perhaps temporary, one-time-only hashes?

Apart from making it impossible to continuously re-use your resources on other sites this makes very little sense to me: in order to use those resources the browser needs to download them and at that point there's no reason to hide them, since the user already has them. In other words this would make your site eat an awful amount of resources for very little actual benefit and it would make caching almost impossible.

On the other hand, if you really just want hashed URLs, and they don't need to be one-time, check out the AIOM+ module. It does some of what you've asked here out of the box, i.e. provides hash-style URLs for CSS and JavaScript resources. It does introduce some additional benefits speed-wise too, so it's not a bad idea to check it out either way.

  • Like 2
Link to comment
Share on other sites
  • 3 weeks later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...