I’m trying to apply security to one of my folders under the web folder in File Service. I only want authenticated users to be able to view these files.
I read this article and implemented according to my understanding.
The problem I’m having is that I am still able to view files in the said folder even if I’m not authenticated.
Also, I read this other article on implementing an even more strict security wherein I only want users to have access to their own files and should not be able to access other users’ files. In this article, there is a method to grant access for a user.
To grant access for a user
FilePermission.READ.grantForUser( userid, url, responder );
FilePermission.DELETE.grantForUser( userid, url, responder );
FilePermission.WRITE.grantForUser( userid, url, responder );
If I use the above method, will it automatically deny all other users to that file?
One more thing. Is it a good idea to put user upload files in the web directory instead of the root directory? Are there any disadvantages in doing this?
Appreciate any feedback.