Experimental project

This is a sandbox project, which contains experimental code for developer use only.

This module adds a required URL token to the Media module's media browser, for the purpose of discouraging unauthorized use.

This module does not actually provide security, only a deterrent.

The idea is simply that on some sites, you may need to give unprivileged users (for example, even anonymous users) access to the media browser to add files to a particular file field when creating content. However, you do not necessarily want to make it easy for these users to add files outside the context of that field, where the files may go unnoticed or unreviewed. Therefore, this module simply adds a time-based URL token to media browser links within your Drupal site, which will allow access to the browser when visited via a link, but deny access if you attempt to visit the media/browser URL directly.

To emphasize once again, this technique cannot provide actual security; a determined user could still find the token and use it to manually add a file to the site outside of the intended workflow. However, it does make it a bit harder for random unprivileged users to come by and attempt to use your site as an open file server.

This module is sponsored by Advomatic, with special thanks to dalin for ideas and input on how the functionality should work.

Project information

  • caution Minimally maintained
    Maintainers monitor issues, but fast responses are not guaranteed.
  • caution Maintenance fixes only
    Considered feature-complete by its maintainers.
  • Module categories: Media