http://qs1969.pair.com?node_id=1153268


in reply to script to access private folder

What would stop the user from bypassing the authentication by simply not using your Perl interface at all, accessing the files directly with some other software? I'm assuming you have something in mind for this, but I don't know what it is. Are the files encrypted? Owned by root and chmod ugo-rwx? Not stored at all except in process memory? Your Perl interface will need to take this stuff into account and might need to be completely different depending on the answer. One person who already replied is assuming that the data are on a remote server. That would lead to a completely different Perl interface than most of the other cases. We can't really advise you very well on how to do what you want without knowing more about what exactly it is that you want to do.

Re^2: script to access private folder
by Anonymous Monk on Jan 22, 2016 at 04:56 UTC

    Thanks, this is a great reply. I'm sorry the question was badly phrased and I'm grateful for the thoughtfulness of most of the responses.

    The files are on a remote server and this is for users of a web site. The files are industry-specific and not of interest to most of society, but should be kept confidential. Therefore I think a level of obfuscation would be sufficient, rather than a need for high-level, out-and-out security.

    I have the login and file listing part of the service, and what I'm thinking about doing is creating a cron which periodically creates a new name for the folder, and records it in a db. The loading script uses that record to create the link, and there is a web page or ajax refresh of the links to keep them updated on the page.

    I think this would be quite efficient in terms of preventing the file links from being shared between interested parties; however, I'm sure that there are probably more efficient processes I could use. I would be interested in knowing your and others' thoughts on this.

      Have a look at Apache::OneTimeURL, as this seems to fit your needs and is quite a bit simpler than what you proposed. You will need an Apache server, but you won't need a database.

        That does look very promising. Thanks for the advice!
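
The one-time link idea discussed in this thread, as an added example that is not part of any post above and is not the code or API of Apache::OneTimeURL. It assumes an in-memory token store, a constructed file catalogue, and the hypothetical helper names `random_token`, `issue_token` and `redeem_token`; the download script would call `redeem_token` and stream the file itself, so the real path never appears in a link.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical in-memory store; a real deployment would use a shared DB or DBM file.
my %tokens;    # token => { file => path, expires => epoch seconds }

# Constructed sample catalogue: only files listed here can be linked,
# so a token can never be issued for an arbitrary path.
my %catalogue = ( report1 => '/srv/private/report1.pdf' );

# 128 bits from the OS random source, hex-encoded (assumes /dev/urandom exists).
sub random_token {
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    my $n = read($fh, my $buf, 16);
    close $fh;
    die "short read from urandom" unless defined $n && $n == 16;
    return unpack 'H*', $buf;
}

# Issue a token for a catalogue entry, after the user has logged in.
sub issue_token {
    my ($file_id, $ttl, $now) = @_;
    return unless exists $catalogue{$file_id};
    my $token = random_token();
    $tokens{$token} = { file => $catalogue{$file_id}, expires => ($now // time) + $ttl };
    return $token;
}

# Redeem: delete first, then check expiry, so a token works at most once.
sub redeem_token {
    my ($token, $now) = @_;
    return unless defined $token && $token =~ /\A[0-9a-f]{32}\z/;
    my $entry = delete $tokens{$token} or return;
    return if ($now // time) > $entry->{expires};
    return $entry->{file};
}

# Demonstration on the constructed data above.
my $t = issue_token('report1', 300);
print "first use:  ", redeem_token($t) // 'denied', "\n";
print "second use: ", redeem_token($t) // 'denied', "\n";
my $old = issue_token('report1', 300, time - 600);    # already expired
print "expired:    ", redeem_token($old) // 'denied', "\n";
print "unknown id: ", issue_token('../etc/passwd', 300) // 'denied', "\n";
```

A shared link stops working after its first use or after the time limit, whichever comes first, which is the sharing restriction the rotating folder name was meant to provide.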