Public vs. private file systems

The file field upload destination in Sector is set to the public file system. This is good enough for most (but not all) sites.

What is a public file system? 

Files in a public directory are publicly available - anyone who knows the URL of a file (e.g <domain>/files/document-2020.pdf) can view and download the file. Furthermore, search engines might index your file and list it as a search result.

When is a public file system not good enough? 

For most websites under editorial control (no user-generated content) this is not an issue, but public access to files - images, pdfs, etc. - can be a risk in some cases.

Is your content classified as 'embargoed until publication'?

If your editorial staff handles content classified as embargoed until publication, you will need to review the use of a public file system when:

• The embargoed content includes images and file attachments
• The content is uploaded to the website prior to publication
• Your editorial workflow has a preference for an easily decodable file directory and filenames (e.g <domain>/files/document-2020.pdf)

A public visitor might gain access to a file if:

• The visitor is able to guess the URL path to the file,
• The path to the file is 'leaked' to the public, or
• The file is indexed by a search engine and can be seen in its search results.

We highly recommend to use the private file system for content that is 'embargoed until publication'. 

Is your site or a part of your site access restricted?

As soon as your site or a part of your site is access restricted (i.e. can only be accessed by logged in users), you need to use the private file system.

What is a private file system?

Files in the private directory are not accessible directly through the web server; when private files are listed, the links are Drupal path requests (e.g. <domain>/system/files/document-2020.pdf) and Drupal access restrictions will decide if a file can be viewed from the directory.

So why not use the private file system in the first place?

This is a good question! The system needs to work to resolve access to the file - Drupal must resolve the path for each file download request. A private file system adds to the server load and the download time so your pages, images and files take longer to load. For images and files in the main content area (managed by the WYSIWYG editor) the level of complexity is even higher.

Is there are middle ground?

Yes! One way to work around people trying to guess your file names is to anonymise your filenames on upload by using randomised tokens using the file path module . This needs to be balanced against potential usability issues because the file name is no longer semantic, e.g. my-brand-brochure.pdf is now called 347e8hsfdyuiwy78adhrwuer.pdf. 

Another way is to ensure that search engines keep away from your file system. Talk to your hosting company for options around that.  

In short?

For sites that work with public content, a private file system adds complexity, while for sites that require access restrictions or work with sensitive content, a private file system is a must.