On Thu, Nov 04, 2010 at 09:33:31PM +0100, Peter Pöml wrote: > On Thu, Nov 04, 2010 at 03:27:27PM +0100, Peter Pöml wrote: > > I spent a little time playing with this. I basically implemented > > creating such temporary links in MirrorBrain. > > > > A quick and easy way to implement this is adding two things to the URL: > > the request time as seconds since epoch, and a MD5 hash from a string > > concatenated of epoch time and a shared secret. > > By the way, if downloads from mirrors should be more restricted, we > could add the clients IP address into the ticket. > > Peter
By accident, I stumbled over a similar implementation today: http://www.cisco.com/en/US/docs/video/cds/cda/is/2_5/configuration_guide/URLsigning.html It seems that Cisco practically does the same thing in their "Internet Streamer CDS" product (which is a Content Delivery Network solution). They have a few more options (ability to choose from several keys, symmetric and asymmetric keys, added IP address), but otherwise the idea is exactly the same it seems. (Adding the IP address would only work properly, I think, if the redirector and the mirrors are reached over the same version of the IP protocol -- either by IPv4 or IPv6. If the mirror server is reached by a different version, the IP would obviously not match.) Peter
pgpclAgOn5Dyq.pgp
Description: PGP signature
