Closed dglol closed 12 years ago
Student resumes will also need this jail ability. I found a pretty good method of doing this: http://wiki.nginx.org/XSendfile but it won't be testable on local environments so I'll have to dive into staging and tweak it from there. But first, I need to find all the places where sensitive files are being served.
Actually, we didn't even need the XSendfile since Apache is serving out the files when it's requested through the app. We just needed to make the folders internal in nginx:
```nginx
location /media/student/student {
    internal;
}
location /media/employer/resumebook {
    internal;
}
```
Currently resume books can be accessed via URL by anyone and are not even obfuscated.
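With both folders marked `internal`, nginx answers direct requests with 404 and the app becomes the only route to the files, so the app has to check who is asking and keep the requested path inside the protected folders. A sketch of that check, added here as an example (not code from this project); the `<folder>/<owner id>/<file>` layout, the `user` dict shape and both function names are assumptions:

```python
import os

# Hypothetical layout under the media root, mirroring the two nginx
# locations: <folder>/<owner id>/<file>.
PROTECTED = {"student": "student/student", "employer": "employer/resumebook"}


def resolve_in_jail(media_root, rel_path):
    """Return (role, owner_id, real_path) when rel_path resolves to a file
    inside one of the protected folders, else None."""
    if "\x00" in rel_path:
        return None
    root = os.path.realpath(media_root)
    # realpath collapses ".." and follows symlinks before the containment test
    target = os.path.realpath(os.path.join(root, rel_path))
    for role, folder in PROTECTED.items():
        jail = os.path.realpath(os.path.join(root, folder))
        if os.path.commonpath([jail, target]) != jail:
            continue  # "..", absolute paths and symlinks land outside the jail
        parts = os.path.relpath(target, jail).split(os.sep)
        if len(parts) >= 2 and os.path.isfile(target):
            return role, parts[0], target
    return None


def authorize_download(user, media_root, rel_path):
    """Return (status, path). user is None for anonymous requests, otherwise
    a dict with "role" and "id" (assumed session shape)."""
    if user is None:
        return 401, None
    hit = resolve_in_jail(media_root, rel_path)
    if hit is None:
        return 404, None
    role, owner_id, path = hit
    # Only the owner of the folder may read files stored in it
    if user["role"] != role or str(user["id"]) != owner_id:
        return 403, None
    return 200, path
```

The app streams `path` only on a 200 result; every other status is returned without touching the file.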