This is obviously a solved problem. I don't want to reinvent the wheel. Imagine a digital music store. I have a set of static files which I need to serve only to authenticated users. So the set of accessible files depends on the user. How do I let each user get the files she is entitled to and no other files?

Bad Idea 1: security by obscurity: hide the files behind query strings generated on the fly for session.user in the form of nasty-looking, hard-to-guess hashes. Ugly hack and vulnerable to brute force hash collision. Yuck!

Bad Idea 2: set up an instance of node-static.Server() for each authenticated session, specifically serving a directory created on the fly for that session and containing symlinks to all (and only) files for which session.user has privileges. The main server would redirect requests for files to the ad hoc static server. Kludgus maximus!

Good Idea: what you tell me. :)
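
One way to meet the requirement in the question above, as an added example that is not part of the original post: the client asks for a track id, never a path, and the server checks that user's entitlement on every request before streaming from a directory that no static server exposes. CATALOG, ENTITLEMENTS, authorizeDownload, makeDownloadHandler and the sample data are hypothetical; `fs`, `root` and `getUser` are injected by the caller.

```javascript
// Added example. All names and data below are constructed for illustration.

// Track id -> file name inside a private directory (not served statically).
const CATALOG = new Map([
  ['t1', 'blue-train.mp3'],
  ['t2', 'kind-of-blue.mp3'],
]);

// Purchases per user; in a real store this is a database lookup.
const ENTITLEMENTS = new Map([
  ['alice', new Set(['t1', 't2'])],
  ['bob', new Set(['t2'])],
]);

// Pure decision function: returns { status } or { status: 200, file }.
function authorizeDownload(user, trackId) {
  if (!user) return { status: 401 };          // no authenticated session
  const file = CATALOG.get(trackId);
  const owned = ENTITLEMENTS.get(user);
  // Unknown track and unowned track get the same answer, so responses
  // do not reveal which ids exist in the catalog.
  if (!file || !owned || !owned.has(trackId)) return { status: 404 };
  return { status: 200, file };
}

// Handler for GET /download/<trackId>. getUser(req) returns the session's
// user name or null; fs is Node's fs module; root is the private directory.
function makeDownloadHandler({ fs, root, getUser }) {
  return function handle(req, res) {
    const m = /^\/download\/([A-Za-z0-9_-]+)$/.exec(req.url);
    const verdict = m ? authorizeDownload(getUser(req), m[1]) : { status: 404 };
    if (verdict.status !== 200) { res.writeHead(verdict.status); return res.end(); }
    // The path is built only from server-side catalog values.
    const stream = fs.createReadStream(root + '/' + verdict.file);
    stream.on('open', () => {
      res.writeHead(200, { 'Content-Type': 'audio/mpeg',
                           'Cache-Control': 'private, no-store' });
      stream.pipe(res);
    });
    stream.on('error', () => {
      if (!res.headersSent) res.writeHead(500);
      res.end();
    });
  };
}
```

Because the check runs per request against the session's user, a link copied to another account returns 404 rather than the file.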
