in reply to Serving files without revealing their location

I have absolutely no idea how to do this using Perl or any kind of CGI.pm trick, but I would do this using symlinks on the server filesystem:

Use the docroot as a kind of holdall with index.html or index.cgi directing them to a page in a subdirectory. The place symlinks in the docroot to all of the desired files.

I am NOT suggesting you do this, though: as a solution it is highly crufty. In spite of making a mess there are probably other good reasons not to do it of which I am unaware. It was just something that occurred to me.

Elgon

Update: One thing I forgot: Why? (See also Salvadors reply about mapping below.)

Update #2:Okay, now I understand the kind of question we're dealing with here. What I would do is use a script which basically takes your account details and uses some kind of ID authentication function (password, credit card details, account details etc...) to take an encrypted file from a directory visible to the webserver, unencrypt it and return it to the client: then it doesn't matter if the URL is visible 'cause no bugger can unencrypt it without the key. Of course they're welcome to try a brute force attack if they want...

On the other hand, if they really want to hand off the data to someone else, they can just take the copy they have, copy it and email it to them. Never underestimate a resourceful idiot!

  • Comment on Re: Serving files without revealing their location

Replies are listed 'Best First'.
Re: Re: Serving files without revealing their location
by 2501 (Pilgrim) on Jan 29, 2001 at 02:35 UTC
    This question has also semi interested me as well. I can give you my own version of why...You offer an ecommerce solution to your customer (reffered to as 'the merchant'). The merchant is interested in selling intangible items such as information (websites, documentation) or files (apps and downloadable documents) to his customers. The problem is he doesn't want customer A purchasing product X and posting/spreading the link he used to get to product X OR using product X as a means of guessing links to product Y or product Z.
    Now lets put a real twist in this whole thing:) Some merchants don't mind housing files on a server owned by you, while other merchants can't and/or won't leave their merchandise on your machines, they want your ecommerce solution to point to something off site.
    Now the demand I get all the time is "I don't want my customers to know the link" or something along those lines so they in essence, get a one time download. The closest I can get is severely screwing up the address and making it near impossible for a non-technical customer to identify the address, but I have yet to even imagine a possibility of truly "hiding" an address.
    I think I could write a decent portaling system if the files were housed on my side, but 90% of the requests are for an offsite file/location.

    I can sort of see the logic in why this is impossible. "If you WANT someone to have something, why are you trying to hide it at the same time?"


    How is that for a valid "why?" :)
    hehe


    2501
[reply]

In Section Seekers of Perl Wisdom