Feature #6605

Integrate the security policy into resource management

Added by Andreas Förthner almost 12 years ago. Updated almost 11 years ago.

Status:
Resolved
Priority:
Should have
Category:
Security
Start date:
Due date:
% Done:

100%

Estimated time:
30.00 h
PHP Version:
Has patch:
Complexity:

Description

Resources are basically objects that can be secured by model security (see #6604). We'll have to find a solution how secured files have to be handled by the resource manager.

One possiblity would be:

We have a special virtual folder named after the secure session key that holds symlinks to all resources the current user is allowed to access. We could also add a dynamic rewrite rule that restricts access to this folder to the IP of this user. The folder would have to "expire" with the user session.


Related issues

Related to TYPO3.Flow - Major Feature #5659: Implement content securityResolvedAndreas Förthner2009-12-07

Actions

Also available in: Atom PDF