In order to avoid unwanted downloads you have to put your file outside your web dir (maybe you can store files in data/). This will prevent direct download (apache will not able to reach your files). The next step is to implement an action that read and serve the file, only fot authorized users. This way your files will be accessible only form your symfony action.
Here's an example of what I'm saying (I've not tested the code in the post but seems correct) http://www.symfony-zone.com/wordpress/2009/08/03/serving-pdf-files-through-symfony-controllers/ Cheers Francesco --- Francesco Tassi More about me http://flavors.me/ftassi -- If you want to report a vulnerability issue on symfony, please send it to security at symfony-project.com You received this message because you are subscribed to the Google Groups "symfony users" group. To post to this group, send email to symfony-users@googlegroups.com To unsubscribe from this group, send email to symfony-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/symfony-users?hl=en