I don't think the generated bitstream checksum can be used in this case. The sum needed in lighttpd's case is the md5 sum of a concatenated string. The string is made up of a secret pass, the file name with a forward slash in front, and a time string that was previously converted to it's hex value.
On the other hand i don't think one can trust the HTTP referer since it can be manipulated. Evelthon On 04/25/2012 11:41 AM, helix84 wrote: > On Wed, Apr 25, 2012 at 10:37, Evelthon Prodromou > <[email protected]> wrote: >> I'm working with lighttpd to host large video files. It seems to be >> working but i still have to make some more checks. My "problem" is that >> the url pointing to the file is viewable in the source code leading to >> the possibility of a third party linkining to the file. By using the >> secdownload module, links expire after a certain amount of time, thus >> discouraging direct linking. > You might want to prefer solving that on the file server side by > checking HTTP referer instead of on the DSpace side. > > If you insist on doing that in DSpace, you can store the > pre-calculated checksum of externally hosted files in metadata and > only calculate the timestamp on page display. > > Regards, > ~~helix84 > ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ DSpace-tech mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/dspace-tech
