On Sat, Apr 02 2016, Mike Morris <m...@musicplace.com> wrote: >> The password is hashed for both, so you can only check whether it >> matches against the user/ticket, but you cannot recover it. > > Ahhh, of course. So keeping a separate table of emails the ticket was > issued to, and their password, is definitely overkill.
Adding tracking at least of the email address is something that I'd like to implement eventually. Knowing which email address has downloaded your ticket, besides being nice to know, allows to have finer-grained permissions of a ticket expiry (as in: do not expire until *all* addresses have downloaded at least once). > My "use case" is not about the large file capabilities, but more the > security. I'm sending confidential docs 1 at a time to an audience of 50 > people or so, who request them occasionally. Most of my tickets will > probably be permanent, and I will reissue them several times a month as > requests come in. Having a history of who I sent to would be an > interesting exercise for me to track, that's all. Some of them are docs > that don't change much over time, people just lose their copy, or get a > new PC or something and don't have it anymore. DL was always more aimed at ephemeral transfers. That is: the main goal is automatic cleanup. You might use that to your advantage in this case. Do you use linux and/or have some basic scripting knowledge? If yes, I would actually send individually-generated tickets (one per address) to each recipient, with a random password for each, ~30 days fixed expiry and 1 download limit. You have "dl-cli.py" to generate a ticket on the fly from the command line. This would have some advantages: - the password is not shared - the ticket becomes useless if not acted upon - you know which users downloaded the document (in this scenario, the automatic download notification might already be enough!). Which makes more sense if you want to encourage users to act on it. In this case the remainder is necessary to renew the credentials as well. If your aim is really to have a fixed document URL with a shared password, maybe an https DAV server would make more sense. You just upload the document and setup a password for it. Incidentally, there's also a thunderbird extension to use a WebDAV server for attachments, although I never used it personally. It might also fit the bill.