-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
After authentication, set a cookie with a sensible lifetime (~1 day).
On 01/04/2011 11:19 AM, Oliver Beattie wrote:
> Hi there,
>
> I am sure this question has likely been asked many times before, I'm
> just having a bit of a hard time finding answers.
>
> Basically, I need to be able to authenticate downloads based on a URL
> signature if present (passed as a query parameter), instead of via Basic
> authentication (I need to support both of these, but bypass the basic
> auth if no signature is present). It isn't a requirement that they live
> at the same path, so they can be at different virtual hosts/directories
> if necessary.
>
> At first, I thought the best way to do this would be just through a
> simple CGI/WSGI/whatever, but the files I am authenticating access to
> are very large (many GB) and I fear there may be a performance
> implication of doing this (and things like Range requests won't be
> possible without extra work).
>
> Has anyone had any experience with this? What is the best way to
> proceed? Any help anyone could give would be very much appreciated :)
>
> —Oliver
If the cookie is set and valid allow the download, otherwise redirect to
the login page.
Mark.
- --
Mark Watts BSc RHCE
Senior Systems Engineer, MSS Secure Managed Hosting
www.QinetiQ.com
QinetiQ - Delivering customer-focused solutions
GPG Key: http://www.linux-corner.info/mwatts.gpg
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAk0jBFUACgkQBn4EFUVUIO2+lACg25ZDyyLlcM5B6KYU+zB5k/6d
23kAn0eWbv+M4Z9vpWWo9yD8TeJl5aiI
=sGQx
-----END PGP SIGNATURE-----
|