I think you should make your files hidden or not accessible by web (with the help of .htaccess) and then make a controller that will return the file's data (with a new layout of course) which will return the file's mime and other good headers you like to send. the auth code should be on that controller too
i don't know if there are performance issues with this method but it is a sulotion On Mar 7, 10:32 am, "Alain Martini" <[EMAIL PROTECTED]> wrote: > Hello, > I have created a site that works with the oth authentication. I have a > "media" directory that contains medias that only authenticated users > should download. > I have created a controller wich read the directory (through the > "Folder" class) and a view that publish the file contents. > Now, how can i limit the download to the authenticated users only? > > Security by hiding the files is no security. > If i put an .htaccess in the media directoy can stop the downloads but > for everyone. And i dont want to add an extra .htaccess login > mechanism. > > Maybe someone has already solved that problem and can point me in the > right direction :-) --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~----------~----~----~----~------~----~------~--~---