TheGU / mod-auth-token

This module uses token based authentication to secure downloads and prevent deep-linking. Have your script or servlet generate a token to authenticate the download and let Apache handle the file transfer without having to pipe it through a script for security.
Apache License 2.0
0 stars 0 forks source link

Added GlobalToken flag - patch attached #7

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
We needed a way to secure full html pages with images and videos that load
in the same directory. We wanted to make these pages accessible within a
specific time window. We wanted to use mod_auth_token to do this, but every
file that gets loaded in the page is a separate request to Apache and
requires a unique token for every image or embeded resource in the page. 
So I added a new flag to the config called GlobalToken. The token is the
MD5 of the secret and the hextime, but not the file path. When this is
enabled the generated link uses just the secret + the hex time to create
the token, then all embedded resources in the page share the same token. 
It works great for our purposes and is a great way to secure flash videos
from leaching, and link sharing.

Please see the attached patch file.

Thank you for a great mod!
Jared Sprague
Red Hat Software Applications Engineer
RHCE 805009722242451 

Original issue reported on code.google.com by arab...@gmail.com on 7 May 2010 at 7:30

Attachments:

GoogleCodeExporter commented 9 years ago
Oops I, didn't mean to make this a type-defect. It's an enhancement.

Original comment by arab...@gmail.com on 7 May 2010 at 7:31

GoogleCodeExporter commented 9 years ago
Thanks you a lot for your patch, gonna check it and merge it on the next 
release when
i'll have time.

Original comment by teixeira...@gmail.com on 14 May 2010 at 8:26

GoogleCodeExporter commented 9 years ago

Original comment by teixeira...@gmail.com on 23 Jun 2010 at 7:56