> The script request.php sends the filename "special.pdf" to Server B. Server B
> generates a token that only works for that filename and can only be used once
> and only within the next thirty seconds, and stores it on the server
> somewhere. The script (on server A) then redirects to this URL:
>
> http://serverB.com/download.php?file=special.pdf&token=4d56s74d85ww
>
> I would love a solution that doesn't require the token. I need people to not
> be able to do this…
>
> http://serverB.com/download.php?file=special.pdf
>
> …though without being authenticated (logged in) on Server A.

I would do it like this:

1. Anything that is on serverB that needs authentication needs to go through
   serverA.
2. serverA will access a special URL/directory structure on serverB that is
   allowed access via IP or some other mechanism like a login or something.
3. serverA thus becomes a proxy for your restricted content.

This would allow you to not have to worry about tokens or anything like that.
The auth would be handled between serverA and serverB for that specific
content. Your normal content on serverB would be accessed without restrictions
for that public content.

This means that requests like this
(http://serverB.com/download.php?file=special.pdf) need to come from serverA
only and no one else. You could even do that in the download.php file too.

-- 
thebigdog

_______________________________________________
UPHPU mailing list
[email protected]
http://uphpu.org/mailman/listinfo/uphpu
IRC: #uphpu on irc.freenode.net
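
The check suggested in the reply above (download.php on serverB answering only serverA), as an added example that is not part of the original post. The allowlisted address, the storage directory and the two function names are assumptions made for illustration.

```php
<?php
// Added example: download.php on serverB, serving restricted files to serverA only.
// Assumptions (not from the thread): serverA's address and the storage path.
const ALLOWED_PROXIES = ['203.0.113.10'];      // constructed value: serverA's egress IP
const RESTRICTED_DIR  = '/var/www/restricted'; // hypothetical path outside the web root

function caller_is_server_a(string $remoteAddr): bool
{
    // REMOTE_ADDR is the TCP peer address. X-Forwarded-For is not used here
    // because it is a request header that any client can set.
    return in_array($remoteAddr, ALLOWED_PROXIES, true);
}

function resolve_restricted_file(string $name): ?string
{
    // basename() drops directory parts and realpath() resolves symlinks;
    // the resolved path must still sit inside RESTRICTED_DIR.
    $base = realpath(RESTRICTED_DIR);
    $path = realpath(RESTRICTED_DIR . '/' . basename($name));
    if ($base === false || $path === false) {
        return null;
    }
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return is_file($path) ? $path : null;
}

if (!caller_is_server_a($_SERVER['REMOTE_ADDR'] ?? '')) {
    http_response_code(403);
    exit('Forbidden');
}

$file = $_GET['file'] ?? '';
$path = is_string($file) ? resolve_restricted_file($file) : null;
if ($path === null) {
    http_response_code(404);
    exit('Not found');
}

header('Content-Type: application/octet-stream');
header("Content-Disposition: attachment; filename*=UTF-8''" . rawurlencode(basename($path)));
header('Content-Length: ' . filesize($path));
readfile($path);
```

The address check only holds if serverB sees serverA's connection directly; behind a load balancer or reverse proxy on serverB, REMOTE_ADDR is that device's address and the restriction has to be enforced there instead. serverA still has to verify the user's login before it fetches and relays the file.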
