in reply to RE: Download, don't redirect.
in thread Download, don't redirect.

With the location method, your files' urls are as good as public. Supposing that you only want users with a registration code (for a private distribution site perhaps?) to be able to access the file, or more simply, you want to maintain track of what files are being download via an application (not the webserver log) this would be a way of keeping files absolutely OUT of user direct access.

I had this method running on Oracle's support site in Brazil where only users that pay for the service can download patches, docs, etc... Once the user has been authenticated, cookies get set, and the permission level on a file has to be previously set PER CLIENT so that they can download the file.

The previous way they had this was by setting the permissions on the webserver via .htaccess (or the equivalent since Oracle Application Server doesn't support .htaccess), but the clients were trading off URLs, so once s/he logged in all he had to do was download the file since authentication was not per file / per client based.

I hope that was better than example than just "plucking off the server"... :o)

(In Oracle's specific case, all the files are on the database, being read off as BLOBs, but the snippet I posted is intended for files laying around the filesystem somewhere...)

Replies are listed 'Best First'.
RE: RE: RE: Download, don't redirect.
by turnstep (Parson) on Apr 28, 2000 at 19:45 UTC

    I think I understand now. Instead of giving out a URL, you just want to give out the data. So even though you need to be authenticated before recieving the "Location", you can still pass on the URL that is returned to your friends... Still, I would not call them as "good as public" - it depends on the users integrity, no?

[reply]
      Users? Integrity? You're not from Brazil are you? :o)

      #!/home/bbq/bin/perl
      # Trust no1!
[reply]

In Section Cool Uses for Perl