httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Watts <m.wa...@eris.qinetiq.com>
Subject Re: [users@httpd] Custom authentication?
Date Tue, 04 Jan 2011 11:28:25 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 01/04/2011 11:19 AM, Oliver Beattie wrote:
> Hi there,
> 
> I am sure this question has likely been asked many times before, I'm
> just having a bit of a hard time finding answers.
> 
> Basically, I need to be able to authenticate downloads based on a URL
> signature if present (passed as a query parameter), instead of via Basic
> authentication (I need to support both of these, but bypass the basic
> auth if no signature is present). It isn't a requirement that they live
> at the same path, so they can be at different virtual hosts/directories
> if necessary. 
> 
> At first, I thought the best way to do this would be just through a
> simple CGI/WSGI/whatever, but the files I am authenticating access to
> are very large (many GB) and I fear there may be a performance
> implication of doing this (and things like Range requests won't be
> possible without extra work).
> 
> Has anyone had any experience with this? What is the best way to
> proceed? Any help anyone could give would be very much appreciated :)
> 
> —Oliver

After authentication, set a cookie with a sensible lifetime (~1 day).
If the cookie is set and valid allow the download, otherwise redirect to
the login page.

Mark.

- -- 
Mark Watts BSc RHCE
Senior Systems Engineer, MSS Secure Managed Hosting
www.QinetiQ.com
QinetiQ - Delivering customer-focused solutions
GPG Key: http://www.linux-corner.info/mwatts.gpg
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAk0jBFUACgkQBn4EFUVUIO2+lACg25ZDyyLlcM5B6KYU+zB5k/6d
23kAn0eWbv+M4Z9vpWWo9yD8TeJl5aiI
=sGQx
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message