Re: Secure htaccess in a non-SSL Apache (and without Digest...)

--On 29 June 2012 10:06:04 +0200 Daniel Merino <daniel.merino@xxxxxxxxxxx> wrote:

> However, with some specially sensible videos we also have an extra
> protection. We set an htaccess with mod_authn_dbd linked with Drupal
> database, so direct access to these resources URLs is protected with the
> same user & password used in Drupal.

I suggest you don't do that then.

How about getting your http Drupal installation to send out an http URL to
the video which contains e.g. the username, a time, and a hash of both with
a secret.

Then, in the bit serving the videos, check that the hash is valid, and the
time is within (say) 5 seconds of the current time (which will prevent
reuse and token sharing), and just stream with no further authentication.

--
Alex Bligh
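
The scheme suggested in the message above, as an added example that is not part of the original post: the Drupal side signs the URL and the video server verifies it. It assumes HMAC-SHA256 as the "hash with a secret", a secret shared by both hosts, and hypothetical parameter names (user, t, sig); it also binds the request path into the hash, which the message does not mention.

```python
import hashlib
import hmac
import time
from urllib.parse import parse_qs, urlencode, urlsplit

SECRET = b"constructed-demo-secret"  # assumption: known to Drupal and the video server only
MAX_SKEW = 5                         # seconds, the window suggested in the message


def _mac(path, user, ts):
    # HMAC-SHA256 stands in for "a hash of both with a secret". Fields are
    # newline-separated so one field cannot run into the next.
    msg = "\n".join((path, user, str(ts))).encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def sign_url(path, user, now=None):
    """Drupal side: build the URL handed to an already authenticated user."""
    if "\n" in path or "\n" in user:
        raise ValueError("newline in signed field")
    ts = int(time.time() if now is None else now)
    query = urlencode({"user": user, "t": ts, "sig": _mac(path, user, ts)})
    return f"{path}?{query}"


def verify_url(url, now=None):
    """Video server side: return the username if the URL is valid, else None."""
    parts = urlsplit(url)
    q = parse_qs(parts.query)
    try:
        user, ts, sig = q["user"][0], int(q["t"][0]), q["sig"][0]
    except (KeyError, ValueError):
        return None                  # missing or malformed parameter
    now = time.time() if now is None else now
    if abs(now - ts) > MAX_SKEW:
        return None                  # outside the 5-second window
    expected = _mac(parts.path, user, ts)
    # Constant-time comparison; bytes so non-ASCII input cannot raise.
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return None
    return user
```

The 5-second window only works if the clocks of the two hosts are kept in sync. Binding the path means a URL issued for one video is rejected for another.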
