> Is there a way to do this so that access to the file
> would be _impossible_ unless the user is authenticated
> by the mod-perl server? I am looking for a solution
> that can guarantee that there is no way to circumvent
> the authentication process. I can think of solutions
> where the probability that users can access the file
> without authenticating can be made very small, but I
> am looking for an absolute guarantee.
Impossible, no. If the proxy server can handle FTP
then one way is to have the source directory mods
at 0711. That requires knowing the file name to
get it; no listings w/o read access. After that you
can have the web server, say, symlink a file with
some temp name and redirect the user to the ftp
server.
Net result is that the proxy handles an ftp request
for a name that is temporary to the download and hard
to guess.
--
Steven Lembark 2930 W. Palmer
Workhorse Computing Chicago, IL 60647
+1 800 762 1582
