We're currently using SCORM packages in our Moodle site as external manifests. We upload the unzipped packages in a directory (called packages) on the webserver, add a new SCORM activity and link tot the XML manifest of the related package. Works fine and performance is (for whatever reason) much better than when uploading the SCORM packages as a zip.
However, this means that the packages are unprotected (available for anybody with the url) in a folder in we www root. We would like to restrict this. Is there any possibility to either link to manifests in moodledata or to protect the packages directory from direct access? As far as I know, I can only use links to external manifests in http form, therefor eliminating the possibility to link to moodledata.
Thanks a lot in advance,