I would like to discuss the following scenario:
There is a website with an area which could only be seen in the frontend when logged in. Kind of restricted area. There the CMS will offer private pictures and documents - some of it for download.
Since silverstripe supports friendly urls one confidential picture for example could be reached at:
http://www.myhost.com/assets/Uploads/NOT-FOR-YOUR-EYES.png
The content is secured by login, but the URL for the pic could be reached. I think this is not what most people want.
What is best praxis avoid this? Especially with the URL-rewriting URLs could get guessable.
Thanks for reply.
S.