Re: [users@httpd] Using apache as proxy with another Apache and JBoss

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 4/18/05, DGeorgie@xxxxxxxxx <DGeorgie@xxxxxxxxx> wrote:
> The only obstacle we have is how to make sure that only authenticated users
> have access to the multimedia files. Any ideas? 

That depends on how you are tracking sessions.

Assuming you are using cookies, the most basic option is to have
apache verify the cookie before sending the file.  There are lots of
ways to do this, including mod_auth_cookie-type modules, cgi scripts,
etc.

If that is not feasible (perhaps because the apache proxy doesn't have
access to the database containing the approved session cookies), then
you would need to design some other method to pass a session back to
apache.  An example would be cryptographically signing some random
value and putting it the URL, then having apache check the signature
before sending the file.  This would probably require a cgi script.

The easy way out is to simply check the Referer request header, but
this would be totally insecure.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux