Hi, I have some file uploads that should be only available for specific people. How to protect them? I'm thinking of two approaches:
* Generate a unguessable filename on upload, but how to configure that?
* Add a middleware that checks for user access which takes more effort and more error prone.
Considering you'll use a collection, you could maybe change the document (/file) name with the
) and then restrict the access with the
). Haven’t done anything similar so if anyone else has more experience on this matter please feel free to share
@thgh - as @Migu said, I would restrict the
access directly on your upload collection. You could add a field to your users collection (role
or similar) to determine who should be able to access the file, and another field on your uploads collection (protected
or similar) to set whether or not the document is protected.
The read access thing is clear, bit how do I change the filename of an upload?
Is there an example available per chance?
To be clear: I have somewhat guessable filenames now, so the limited collection read access doesn't protect the files from hackers.