I’m sorry if this has been asked before; I’ve done a fair amount of searching and I haven’t been able to find an answer.
I am setting up an Omeka repository (functioning as a catalog of sorts as well as a way to view digital collections) for a collection that belongs to a private family. Some of the records contain PDFs with semi-sensitive information, and I’d like to prevent people from stumbling across these files on Google or through guessing their locations - the URLs to private items’ files can be accessed without authenticating. Apart from obfuscation of URLs and modifying the “robots.txt” file, is there any way to limit access of these files to authenticated users? If not, would it be possible to place the entirety of the Omeka installation into a .htaccess-style restricted (password-protected) area?
There are a lot of different approaches to this floating out there. The simplest is just to leave those items private, and create users with roles that give access when they log in. Sometimes that also involves a modification to Guest User as needed.
@patrickmj I also have this question, but I’m not sure this totally solves the problem. Your recommendation definitely works to hide the private Omeka record pages from public access, but there is still a directory of files associated with those record pages. If @cfm121 is trying to do what I think he is, we’re interested in making that directory of files inaccessible to everyone/thing except for Omeka.
My research suggests the best way to do this is by modifying the htaccess file, but I haven’t been able to figure the best way to do this with Omeka without breaking things (I’m pretty much a beginner at this stuff).
In you want some inspiration for the htaccess, see the plugin ArchiveRepertory (http://omeka.org/add-ons/plugins/ArchiveRepertory/). This plugin adds a warning page to limit download and bandwidth theft for big original files.
Thanks, @Daniel_KM! This does look promising.