httpd-users mailing list archives

From "Allen Pulsifer" <pulsif...@comcast.net>
Subject RE: [users@httpd] setting MaxClients locally?
Date Fri, 08 Jun 2007 10:43:41 GMT
> I probably should have said this in 
> the first place, most of these PDFs are hidden behind a 
> login*, while a few of them are even paid-for. (And to make 
> it even more complicated, PDFs become free after a while, 
> while their location stays the same.) Apache knows -via a 
> whole bunch of mod_perl modules- whether the user is logged 
> in and, if they are, whether they have paid us money, so I 
> think moving the PDFs to a different server -whether on the 
> same machine or not- it would over-complicate things. And, in 
> particular, wouldn't be the quick solution I'm looking for.

A simple method I've used in the past to solve cross-domain authenticated
download problems like this:

1. Server A authenticates the user and generates a redirect to
http://contentserver/file.pdf?t=XXXXXXX&a=ZZZZZZZZ

where T = the unix timestamp and a = sha1(filepath + T, mysecretvalue)

2. Server B checks that the timestamp t is sufficiently recent and that the
hash value is correct, and if so, delivers the file.

Amazon S3 by the way has similar logic built into it, so it can act as
Server B in this scenario.  See "Query String Request Authentication
Alternative" at
http://docs.amazonwebservices.com/AmazonS3/2006-03-01/RESTAuthentication.html


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
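
The two steps described in the message above, as an added example that is not part of the original post. It uses HMAC-SHA256 with a constant-time comparison in place of the post's `sha1(filepath + T, mysecretvalue)`; `SECRET`, `MAX_AGE` and the function names are assumptions.

```python
import hashlib
import hmac
import time
from typing import Optional
from urllib.parse import parse_qs, urlencode, urlsplit

SECRET = b"constructed-demo-secret"  # assumption: known only to Server A and Server B
MAX_AGE = 300                        # assumption: a link is valid for 5 minutes


def _mac(path: str, ts: int) -> str:
    # The newline separator keeps ("/a", 12) and ("/a1", 2) from sharing a MAC input.
    msg = f"{path}\n{ts}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def sign_url(path: str, now: Optional[int] = None) -> str:
    """Server A: call only after the user is authenticated and authorized."""
    ts = int(time.time()) if now is None else now
    query = urlencode({"t": ts, "a": _mac(path, ts)})
    return f"http://contentserver{path}?{query}"


def verify_url(url: str, now: Optional[int] = None) -> bool:
    """Server B: deliver the file only if this returns True."""
    now = int(time.time()) if now is None else now
    parts = urlsplit(url)
    qs = parse_qs(parts.query)
    try:
        ts = int(qs["t"][0])
        a = qs["a"][0]
    except (KeyError, ValueError):
        return False                 # missing or malformed parameters
    if not 0 <= now - ts <= MAX_AGE:
        return False                 # expired, or timestamp from the future
    # Compare as bytes in constant time; MAC the same path string that maps to the file.
    return hmac.compare_digest(a.encode(), _mac(parts.path, ts).encode())
```

Anyone holding a valid link can use it until it expires, so `MAX_AGE` bounds how long a shared or leaked URL stays useful.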

