On 11/23/2013 01:52 AM, Daniel Berteaud wrote: > Multi downloads/uploads for tickets and grants is probably better to > have first, but here's an idea for a interesting feature: external > users could ask a grant themself. > > Here's how I see it: for each users registered, dl creates a special > URL (maybe using a hash of the login of some forme). This link could > be added in email signature (To send me a file, click on this link). > This page would present a form where the (external, unauthenticated) > user should prove it's a human (email verification, or captcha for > example), and if the user passed the test, he could acess the upload > form. The corresponding registered user would then be notified > exactly the same way grants are handled.
I like the idea in general. > Of course this could have security implication, so should be: > > - optional > - file check should be performed (AV, mime type > black/white list) > - internal users should receive the email/name of > who sent the file Identification is the hard part. If you have just a fixed URL, there's not much you can do to prevent anybody sending you a file. > Just an idea, but for my use, this would really be great. This got me thinking. What if "DL for thunderbird" generated automatically grant for every email you sent and put the link in the signature like you said? When creating the grant, I can automatically assign the identity in some other field, so you can track from whom the file was sent. I can also tag the grant differently, such as "automatically created" so that it doesn't clutter the grant list and/or has different/shorter expiration settings.
