latest stable versions: v150827 (changelog)
top⇑

Old Forums (READ-ONLY): The community now lives at WP Sharks™. If you have an s2Member® Pro question, please use our new Support System.

Home Forums Reza Soltani

About: Reza Soltani

Sorry, I've not written a description yet. I'll get to it soon!

Topics I'm Subscribed To

Viewing topic 1 (of 1 total)
Topic Count Last Reply
Restricted Folder

By:  Reza Soltani in: Community Forum

voices: 4
replies: 5

4 years, 9 months ago  Cristián Lávaque

Viewing topic 1 (of 1 total)

Topics I've Started

Viewing topic 1 (of 1 total)
Topic Count Last Reply
Restricted Folder

By:  Reza Soltani in: Community Forum

voices: 4
replies: 5

4 years, 9 months ago  Cristián Lávaque

Viewing topic 1 (of 1 total)

My Latest Replies (From Various Topics)

Viewing 2 replies - 1 through 2 (of 2 total)
Author Replies
Author Replies
Posted: Sunday Apr 1st, 2012 at 10:21 pm #9726
Reza Soltani
Username: mdesigners

ok. I just figured out from older posts that according to Jason, URI request restriction only applies to WordPress “content” and not files.

Then URI is not a workaround. Now, the question is:

1. is it safe to use the full s2member-files path to call restricted files or is the whole security deal implemented with the /?s2member_file_download=filename.html calling.

ie is it safe to point to a restricted address with a static URL: http://www.mydomain.com/wp-content/plugins/s2member-files/filename.html ? is it safe to reveal the full path (wp-content/plugins/etc…) to the whole world even though they must be logged in to access it anyway?

2. I’m an intermediate PHP developer, would I be able to move the s2member-files folder to something like this (www.mydomain.com/restricted-files)?
Posted: Sunday Apr 1st, 2012 at 9:03 pm #9724
Reza Soltani
Username: mdesigners

thanks for the tips. I wasn’t able to use either one.

Another possible solution may be using URI Request restrictions. Is the security level of URI Request restriction as good as files in the s2member-files folder?

Which one is more secure or are both 100% secure for specified membership levels:

http://www.domain.com/?s2member_file_download=folder555/index.html
vs.
http://www.domain.com/folder555/index.html (after restricting uri request “folder555” for certain membership level.

I created folder555 in root using the FTP client.
Viewing 2 replies - 1 through 2 (of 2 total)

Old Forums (READ-ONLY): The community now lives at WP Sharks™. If you have an s2Member® Pro question, please use our new Support System.

Contacting s2Member: Please use our Support Center for bug reports, pre-sale questions & technical assistance.