On Tue, Jul 6, 2010 at 12:53 PM, Ian Boston <[email protected]> wrote: >>> The data protection policy that is driving this is that, we have 50K users, >>> all with user ID's we have to > prevent anyone from getting a list of the user ID's, but still allow someone > who knows the user ID to access > the content. Its the same as the UserDir module in Apache httpd ie /~ieb
The best might then be to reproduce that using a UserDir servlet? Keep restricted permissions on the real /_user path, and map this UserDir servlet to the /home/~* so that it can internally map paths like /home/~ieb/foo/bar.pdf to /_user/ieb/foo/bar.pdf while not exposing more than needed. The next problem then is mapping that to WebDAV operations, might be more problematic. But IIUC this access is read-only anyway, so just HTTP might be sufficient. -Bertrand
