On 4/18/05, DGeorgie@xxxxxxxxx <DGeorgie@xxxxxxxxx> wrote: > The only obstacle we have is how to make sure that only authenticated users > have access to the multimedia files. Any ideas? That depends on how you are tracking sessions. Assuming you are using cookies, the most basic option is to have apache verify the cookie before sending the file. There are lots of ways to do this, including mod_auth_cookie-type modules, cgi scripts, etc. If that is not feasible (perhaps because the apache proxy doesn't have access to the database containing the approved session cookies), then you would need to design some other method to pass a session back to apache. An example would be cryptographically signing some random value and putting it the URL, then having apache check the signature before sending the file. This would probably require a cgi script. The easy way out is to simply check the Referer request header, but this would be totally insecure. Joshua. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|