Media File System

This section defines where your images, videos, documents and other uploads will be stored. Although Drupal defines a few defaults to get your site up and running, you should take a few minutes to understand how and where Drupal stores your files.

Public vs. Private Files

The first two settings on this page are the locations of your public files and your private files, as shown in Figure 4-11. Public files are files that are accessible to the entire Internet for unlimited, unrestricted download. Private files are the exact opposite. Downloading private files may require a user to log in, or a user might be restricted to only a single download or a limited number of downloads in a day. Whatever your requirement, a private file is guarded by Drupal, whereas a public file is not.

Public file system path: sites/default/files

A local file system path where public files will be stored. This directory must exist and be writable by Drupal. This directory must be relative to the Drupal installation directory and be accessible over the web.

Private file system path: /Applications/acquia-drupal/private/files

A local file system path where private files will be stored. This directory must exist and be writable by Drupal. This directory should not be accessible over the web.

FIGURE 4-11

Consider the following example of a file named budget.pdf. Using the Public or Private file type, the following URLs would be used respectively:

  • Public — http://localhost/sites/default/files/budget.pdf

  • Private — http://localhost/system/files/budget.pdf

The difference between the two is immense. The public file URL points directly to the file on your server's hard drive. To conserve system resources, Drupal is not informed of this request, and the web server sends the file directly to the client. In comparison, the private file URL is preceded by /system/files, a pseudo path that Drupal manages. When this file is requested, Drupal starts up and enforces the security restrictions on the file.

The Private File Tax

As with any middle tier, there is a tax for this interception, and it is paid in the performance of your server. Public files are dramatically faster than private files. Fortunately, in Drupal 7 you can host both public and private files side by side. You will learn more about this in Chapter 6, "Content."

Put Your Files on Lock Down

If you decide to use private files, be sure to change the private file system directory shown in Figure 4-11 to a location outside of your web server directory. Drupal will prevent direct access to this directory by using a .htaccess file, but a poorly configured server could ignore this directive, allowing access by a crafty visitor. Placing these files in a location that is not web accessible will force Drupal to always retrieve them, thwarting those crafty site visitors.
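The check described above can be automated. The following is an added example, not code from the book or from Drupal: it flags a private file path that sits inside the web server directory, whether as written or after symlinks are followed. The function names, finding labels and sample layout are hypothetical, and it assumes the Drupal installation directory is the web server's document root.

```python
import os
import tempfile


def _inside(path, root):
    """True if path equals root or lies beneath it (both absolute)."""
    return os.path.commonpath([path, root]) == root


def audit_private_path(drupal_root, private_path):
    """Return findings (empty = fine). Assumes drupal_root is the docroot."""
    findings = []
    root_abs = os.path.abspath(drupal_root)
    root_real = os.path.realpath(drupal_root)
    # Assumption: a relative private path is resolved against the Drupal root.
    configured = os.path.abspath(os.path.join(root_abs, private_path))
    resolved = os.path.realpath(configured)
    if not os.path.isdir(resolved):
        findings.append("missing: directory does not exist")
    # Test the path as written and after following symlinks: a link inside
    # the docroot exposes its target even if the target lives elsewhere.
    if _inside(configured, root_abs) or _inside(resolved, root_real):
        findings.append("inside-docroot: only .htaccess guards these files")
        if not os.path.isfile(os.path.join(resolved, ".htaccess")):
            findings.append("no-htaccess: directory has no .htaccess file")
    return findings


def demo():
    """Audit a constructed layout built in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "docroot")
        inside = os.path.join(root, "sites", "default", "files", "private")
        outside = os.path.join(tmp, "private-files")
        os.makedirs(inside)
        os.makedirs(outside)
        os.symlink(outside, os.path.join(root, "linked"))
        return {
            "relative": audit_private_path(root, "sites/default/files/private"),
            "outside": audit_private_path(root, outside),
            "symlink": audit_private_path(root, "linked"),
            "absent": audit_private_path(root, os.path.join(tmp, "nope")),
        }


if __name__ == "__main__":
    for case, findings in demo().items():
        print(case, findings or ["ok"])
```

Only the "outside" case comes back clean; the symlinked directory is reported because a server that follows symlinks would serve it from the document root.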

Set It and Forget It

Modifying the public or private file system directories after files have been uploaded will not move any of the existing files, although it will modify the URLs to those files. This will cause every file uploaded before the directory change to return a 404 (page not found) error until you manually move the files to the new directory.
