Hello Lee,
Follow these steps:
- Configure a Directory rule. Let's say: /secret
- Set the rule to use "Hidden Downloads" handler
- Set the Document Root directory (this is important!)
- Set the Secret string
Now, the only thing you need is a short script like this:
====================================
import time
try:
from hashlib import md5
except ImportError:
from md5 import md5
SECRET = "secret_string_foobar"
DIR = "secret"
NOW = "%08x"%(time.time())
def secure_download (url, secret):
t = "%08x"%(time.time())
return '/'+ DIR +'/'+ md5(secret + url + t).hexdigest() +'/'+ t + url
# Example request
file = "test.txt"
host = "localhost"
hidden_url = secure_download('/%s'%(file), SECRET)
print "/%(DIR)s/%(file)s -> http://%(host)s%(hidden_url)s" %(locals())
====================================
On 28/01/2011, at 14:39, Lee wrote:
>
>
> On Jan 26, 8:45 am, Alvaro Lopez Ortega <[email protected]> wrote:
>> On 26/01/2011, at 14:15, Lee Connell wrote:
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>> On Wed, Jan 26, 2011 at 4:24 AM, Alvaro Lopez Ortega <[email protected]>
>>> wrote:
>>> On 25/01/2011, at 20:44, Lee Connell wrote:
>>
>>>> This is the URL I generated and sent back to the client:
>>>> http://www.example.com:81/secure_files/457c02a1ad1d92c5be833e163b3cf8...
>>
>>>> I get a 403 Forbidden, you have no access to the requested URL.
>>
>>>> If I wait the default 60 seconds i get:
>>>> 410 Gone, The requested URL
>>>> /secure_files/457c02a1ad1d92c5be833e163b3cf87b/4d3f25ac/pass.txt is no
>>>> longer available on this server and there is no forwarding address
>>
>>>> How come I am being denied initially?
>>
>>> The MD5 was incorrect, most likely because of how you built the raw string
>>> from your script.
>>
>>> This is what I used to generate the url, same as what is available in the
>>> docs.
>>
>>> def generate_download(filename):
>>> secret = 'mysecret'
>>> prefix = '/secure_files'
>>> t = '%08x' % (time.time())
>>> return prefix + "/%s/%s/%s" % (hashlib.md5(secret + filename +
>>> t).hexdigest(), t, filename)
>>
>> Usually the problem is related to duplicated or missing slash characters in
>> the intermediate strings. I'd personally start by checking the value of the
>> following strings:
>>
>> - secret + filename + t
>> - prefix + "/%s/%s/%s" % (hashlib.md5(secret + filename + t).hexdigest(),
>> t, filename)
>>
>> --
>> Octalityhttp://www.octality.com/
>>
>> _______________________________________________
>> Cherokee mailing list
>> [email protected]http://lists.octality.com/listinfo/cherokee
>
> I don't see what is going wrong here, no slashes are missing or
> duplicated.
>
> here are the values individually and as a whole:
>
> time: 4d41c2ba
> md5: 679f15c6f3c8d3644d5298832f2b7d49
> file: pass.txt
> final value: /secure_files/679f15c6f3c8d3644d5298832f2b7d49/4d41c2ba/
> pass.txt
>
> def generate_download(file):
> secret = "secret"
> prefix = "/secure_files"
> t = '%08x' % (time.time())
> m = hashlib.md5(secret + file + t).hexdigest()
> print t
> print m
> print file
> return prefix + "/%s/%s/%s" % (m, t, file)
> _______________________________________________
> Cherokee mailing list
> [email protected]
> http://lists.octality.com/listinfo/cherokee
--
Octality
http://www.octality.com/
_______________________________________________
Cherokee mailing list
[email protected]
http://lists.octality.com/listinfo/cherokee
