serving large files with access controls
Suppose I have a typical proxied mod-perl setup and I have a large (~ 650 MB) file I'd like to provide authenticated access to. The mod-perl server will be doing the authentication, but for performance considerations I'd like the proxy server to serve the file directly instead of having the mod-perl server first forward the file to the proxy. Is there a way to do this so that access to the file would be _impossible_ unless the user is authenticated by the mod-perl server? I am looking for a solution that can guarantee that there is no way to circumvent the authentication process. I can think of solutions where the probability that users can access the file without authenticating can be made very small, but I am looking for an absolute guarantee. Regards, Erik Rantapaa [EMAIL PROTECTED] __ Do you Yahoo!? Faith Hill - Exclusive Performances, Videos More http://faith.yahoo.com
Re: serving large files with access controls
Is there a way to do this so that access to the file would be _impossible_ unless the user is authenticated by the mod-perl server? I am looking for a solution that can guarantee that there is no way to circumvent the authentication process. I can think of solutions where the probability that users can access the file without authenticating can be made very small, but I am looking for an absolute guarantee. Impossible, no. If the proxy server can handle FTP then one way is to have the source directory mods at 0711. That requires knowing the file name to get it; no listings w/o read access. After that you can have the web server, say, symlink a file with some temp name and redirect the user to the ftp server. Net result is that the proxy handles an ftp request for a name that is temporary to the download and hard to guess. -- Steven Lembark 2930 W. Palmer Workhorse Computing Chicago, IL 60647 +1 800 762 1582
Re: serving large files with access controls
We talked about this limiation of the dual setup before. There is no solution publically available. But you can try this: 1) check http://modperl.home.att.net or similar cookie-based ticketing system. 2) write a ticket-client module in C and load it into the proxy server (I have one based on libapreqs). 3) you can use the same ticket issuer mod_Perl module in the server machine, or any language as far as it can generate a valid cookie. 4) then serve the large file directly via the proxy server. Peter - Original Message - From: Erik Rantapaa [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Sunday, October 13, 2002 12:54 PM Subject: serving large files with access controls Suppose I have a typical proxied mod-perl setup and I have a large (~ 650 MB) file I'd like to provide authenticated access to. The mod-perl server will be doing the authentication, but for performance considerations I'd like the proxy server to serve the file directly instead of having the mod-perl server first forward the file to the proxy. Is there a way to do this so that access to the file would be _impossible_ unless the user is authenticated by the mod-perl server? I am looking for a solution that can guarantee that there is no way to circumvent the authentication process. I can think of solutions where the probability that users can access the file without authenticating can be made very small, but I am looking for an absolute guarantee. Regards, Erik Rantapaa [EMAIL PROTECTED] __ Do you Yahoo!? Faith Hill - Exclusive Performances, Videos More http://faith.yahoo.com