search

zwerfkat / mod-auth-token

Automatically exported from code.google.com/p/mod-auth-token
Apache License 2.0
0 stars 1 forks source link

Protect multiple dynamic folders? #12

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
Creating a site where users can upload binary content. Want to protect that 
content from direct download by other users by dynamically generating urls 
where appropriate. 

Content is stored in a folder per user id. eg 
(/video/[uid]/converted/filename.mpg)

How can I protect video/*/converted. It looks like your code generates the 
token from the data in the httpd.conf which would be static. Filename appears 
to be handled in a "special" way by both apache and your code. 

please advise.

What version of the product are you using? On what operating system?
mod_auth_token 1.05
Apache 2.2.3
Centos 5.5

<Location /sites/default/files/videos/*/video/converted/>
  AuthTokenSecret     "MyTopSecretToken"
  AuthTokenPrefix     /sites/default/files/videos/*/video/converted/
  AuthTokenTimeout    30
</Location>

Original issue reported on code.google.com by Silicon....@gmail.com on 1 Dec 2010 at 4:32

GoogleCodeExporter commented 9 years ago 
If you want to have a protection by folders, the best is set rules on htacess 
files. This is on the roadmap. (an issue has been openned for that)

Thanks.

Original comment by teixeira...@gmail.com on 19 Apr 2011 at 4:44

GoogleCodeExporter commented 9 years ago

Original comment by teixeira...@gmail.com on 19 Apr 2011 at 4:44