next »

[Phaëton]

I want people to supply a password/be logged in before they get the
link to download the file.  Not a problem.  I just test for my condition,
if they meet my condition, (are logged in/supplied the password)
-- then they get the link.

Problem is, if they just know the link , they can get a file.

My first guess is to, generate a random file name,
making it good for an hour only by copying the real file
to that name , issue the temporary link and clean it up five minutes
later or once every few hours with a cron job that just deletes all
files named like that that are older than one hour...

I guess this would be a ghetto design to get the job done.. Any other suggestions
on how to think about overcoming this problem?

[Bompa]

I want people to supply a password/be logged in before they get the
link to download the file.  Not a problem.  I just test for my condition,
if they meet my condition, (are logged in/supplied the password)
-- then they get the link.

Problem is, if they just know the link , they can get a file.

They do not know the link until they qualify, so what's the problem?

They could pass the link around to others, but they could also just pass the file around to others.

They could also give the password to others.

Right?

I don't think there's a way to stop it.

Bompa

[perkiset]

Have the download be a PHP script. "echo" the contents of the file only if they are currently logged in.

Consider:

if ($_SESSION['isLoggedIn'])

echo file_get_contents('/www/sites/myRestrictedFile.bin');
else

echo 'Ha ha. Too smart for you.';

[Phaëton]

Okay ive considered this.

THis is interesting.. couldnt i just push a .avi out this way to stream it?

On another note, couldnt i use this as a redirect gateway so i can
bottleneck all traffic right where the fuel pump intersects with the
carb here..... all traffic through my php routine first for stats/mcp control, etc?

 

[perkiset]

Totally. You can use this to absolutely control what/how is delivered, which you don't (easily) get with Apache.

Streaming is a bit of a different story, and no, I don't think it'd work that way. But pseudo-streaming, or start on incomplete like YouTube would probably work OK.