This morning I pushed version 1.1 of my VZ Url fieldtype for Brandon Kelly’s FieldFrame extension up to GitHub. The code for this version completely rewritten to (hopefully!) eliminate some issues with ajax calls returning in the wrong order, leading to false negatives. While I was at it, I made the errors display in a pop-up box, allowing for more verbose errors without breaking the layout.
All New VZ Url fieldtype
Securing your downloads with mod_xsendfile
In many case you have files available through your webapp that should only be accessible to certain people. You don’t want to rely on security through obscurity (throwing them all in a public folder, but only showing the links to certain visitors). Although that will deter casual users from getting ahold of the forbidden files, once someone has the link they could post it anywhere and your security is blown. What you want to do is to squirrel the files away outside of your publicly-accessible folder and then give them out as needed once a user is validated by whatever authentication method you are using. Apache’s mod_xsendfile module (inspired by lighthttpd’s X-Sendfile )is the tool for this job.