Hi, We are planning to implement a solution where we host user photos and video files like flickr does. And, as a typical solution, we are planning to host these files on a NAS, put an apache server in front of this NAS and place a squid proxy cache as the entry point. Our application will be hosted on application servers, and it must have a different domain name, i.e. application will be accessed via x.com and squid (and hence multimedia files) will be accessed via y.com, so there is no way of sharing authentication state and/or cookies and I don't want users to double authenticate for usability reasons. But, some of these photos and videos need to be protected, for example a user might choose to limit access to a photo by his friends only. I looked at how flickr does it, and they do something like authorization by URL. I mean, the URL is specifically generated and it is a long URL, but if you give this URL to anyone (or if anyone sniffs the network), they can access this photo. What I am thinking about doing is to generate time sensitive URLs (URL will be valid for 20 minutes). When application generates a page and places a link to this photo in the page, the URL will be something like http://www.y.com/asdkhjasd01.gif?t=time_t&hash=z and I can use Squid redirector plugin to verify the timestamp and allow access to it. So, my question is do you think Flickr's scheme is secure enough? If so, what I will be doing is even more secure, and it will let squid cache it for 20 minutes. Can you please recommend anything better and/or more secure and fast? I would appreciate it if you can share your experience in this matter. Thanks.
