d-callan
commented
2 years ago my memory of the downloadSite, if its helpful, is that its apache listings where the parent directory wont list its children, and the children are all hashes of the study id that we dont expose anywhere. that was the 'protection' against finding a private study from a public one we used on the live site. though i also like the idea of something more real than that, dont know if that influences prioritization at all etc. (i also dont know if its still the case, since i havent looked at the workflow in quite a while)
steve-fischer-200
We need to create a new service frontend that wraps the download site and provides security per the dataset access service so people can only download raw files they should have access to.
Ryan thinks that right now the download site is just straight apache file listings.
We can maybe bundle that new service with one of the existing services to avoid the overhead of a brand new service.