I am using the organic groups module on two of my Drupal websites. It was my intention to define a 'group' in order to create a password protected online space for members of this specific group, where they can share information. Other pages (about, news, publications) should still be accessible publicly.
After installation I noticed that only the NODES that are assigned to a certain group (not public) are password protected. Their ATTACHMENTS are not. If I am not logged in, I can still access the PDFs or other files that were attached to the hidden nodes. So if I know the address of the file, I can acccess it. Is there anything I can do about this?
I understood that as long as there are no links on one of the public nodes to the protected PDFs, they will not be indexed by Google. Is this right?
I am using Google as a search function because the Drupal search didn't index attachments. The other day I read there is a module that indexes attachments. I would love to have that module installed as well, but at this moment I am happy I didn't. If I would have, the Drupal search would have indexed also the files that I am trying to hide!
So here I am, hoping that no one will figure out the name of my attached files, that no one will accidently link to them so that they are indexed, or that someone does anything else that makes these not so well hidden files public. If there are any solutions or tips, please share them with me.
Thank your very much!
* PS I know this question has been asked before, but I can't find those posts and I don't recall there was a specific answer to them that helped me. Please let me know where to look for a solution, tip or useful comment. Thanks!