2004-05-30 18:41:00
access with no previous validation 2
Hello Greg
Thanks for your reply. However I have another question. I have noticed that this problem doesn't occur with your demo application. I mean, if I try to open any content of the demo just by entering the URL address in a web browser it will as for my validation. How did you do that? Why does it work with your demo application?
By the way, you say that "students would have to know the names of files in your content directory to acces them"... I tell you that it is very easy for them if smart enough as they are.... to try to log on after their period of validation is over. This is a main concern for me as I intend to charge for the use of my content, so I don't want anybody to access them without a validation.
Please, tell me how did you make that for your demo the validation works?
thank you.
just in case I include my previos email and your response
******************************
Previous message:
I have installed Atutor version 1.3.2 on a server running Linux SME (Mitel). It has been working properly, however I have found a problem that would like you to help me find the solution.
The problem is the following:
I have found that any content that has been imported into ATutor and that I have configured with restricted access, can be accessed without previous validation only by entering the complete URL of the content in a web browser.
e.g. By simply entering ATutor.com/content/3/marketingdemo/index.php on a web browser anybody can access the content. In this example, "marketingdemo" is the name of the course. It has created a directory strucutre inside the folder "3" and inside the folder "Content". Index.php is the initial file in the root of the main directory "marketingdemo".
Considering that these are contents with restricted access (not public), if a user enters this route using the browser, the content of the course is shown, without mandatory validation of user and password.
Mi question is how do I control this situation? I understand that there are session variables that for some reason are not being considered when accessing the imported contents. What should I do in order to protect these imported contents from not validated access?
Thank you for your answer, I look forward to hearing from you soon.
Posted: 2004-05-28 02:56:19
greg Subject: Content dir is always readable
The content directory is primarily used for supporting files, rather than actual content, though you could store content their as I'm guessing your have. Content is normally store in the database, restricted from access.
There is no way, as a function of ATutor, to restrict access to files in the content directory. You could apply server based authentication (like htaccess with Apache) to make a content directory private (troublesome I'm sure). Students would have to know the names of file in your content directory to access them.
We'll try to deal with private content directories better in a future version.
***************************************